So let's say you have a shell on a machine that you gained access to over WAN (not LAN, two totally different things). You've gained root, but now you are interested in checking out the local network of your target. This is where port redirection comes in handy.
Tools we will use:
Let's start with your shell. Everything here uses the post modules in Metasploit, so be sure to upgrade your shell to a Meterpreter shell.
Since scripts are deprecated, it's best to use the post modules in Metasploit. The autoroute module automatically adds the routes from the other wireless cards or Ethernet connections. It's simple to use: just background your session, then type use multi/post/manage/autoroute, set the SESSION and run.
Next we will need to run the socks4a auxiliary server. Just remember to add the SRVPORT to your proxychains.conf file, located at /etc/proxychains.conf.
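To make clear what actually travels to that SRVPORT, here is an added example (not from the original post or from Metasploit's code) that parses a SOCKS4/SOCKS4a client request and builds the server's reply. The protocol defines only the TCP CONNECT and BIND commands, so only full TCP connections can pass through such a proxy; the sample requests and the name intranet.example are constructed for illustration.

```python
import ipaddress
import struct

SOCKS4_COMMANDS = {1: "CONNECT", 2: "BIND"}  # SOCKS4/4a defines only these two TCP commands


def parse_socks4a_request(data: bytes) -> dict:
    """Parse one SOCKS4/SOCKS4a client request and return its fields."""
    if len(data) < 9:
        raise ValueError("truncated request: need 8 header bytes plus USERID terminator")
    version, command, port, raw_ip = struct.unpack("!BBH4s", data[:8])
    if version != 4:
        raise ValueError(f"not SOCKS4: version byte is {version}")
    if command not in SOCKS4_COMMANDS:
        raise ValueError(f"unknown command code {command}")
    # USERID is a NUL-terminated string directly after the fixed 8-byte header.
    userid_end = data.find(b"\x00", 8)
    if userid_end == -1:
        raise ValueError("USERID is not NUL-terminated")
    userid = data[8:userid_end].decode("ascii", "replace")
    # SOCKS4a: DSTIP 0.0.0.x with x != 0 means "hostname follows, the proxy resolves it".
    hostname = None
    if raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0:
        host_end = data.find(b"\x00", userid_end + 1)
        if host_end == -1:
            raise ValueError("SOCKS4a hostname is not NUL-terminated")
        hostname = data[userid_end + 1:host_end].decode("ascii", "replace")
    return {
        "command": SOCKS4_COMMANDS[command],
        "port": port,
        "ip": None if hostname else str(ipaddress.IPv4Address(raw_ip)),
        "hostname": hostname,
        "userid": userid,
    }


def build_socks4_reply(granted: bool) -> bytes:
    """Build the 8-byte server reply: VN=0, CD=90 (granted) or 91 (rejected)."""
    return struct.pack("!BBH4s", 0, 90 if granted else 91, 0, b"\x00" * 4)


# Constructed sample requests (not captured traffic); address is from the RFC 5737 test range.
PLAIN_V4 = b"\x04\x01\x01\xbb" + bytes([192, 0, 2, 10]) + b"\x00"
WITH_NAME = b"\x04\x01\x00\x50" + b"\x00\x00\x00\x01" + b"\x00" + b"intranet.example\x00"

if __name__ == "__main__":
    for sample in (PLAIN_V4, WITH_NAME):
        print(parse_socks4a_request(sample))
    print(build_socks4_reply(True).hex())
```
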
You have 2 options here: use the port scanner in Metasploit by typing use auxiliary/scanner/portscan/tcp, or, as another nice option, use nmap in combination with proxychains by running proxychains nmap <ip>
Note: You will run into a firewall, so a good tip is to use scripts or different scans like a zombie scan or decoys to avoid it and find OPEN ports. Usually you will get filtered ports, which means you are on the right track, but change the scan type so you can get a different result, or possibly a banner, which helps a lot!
When you encounter an open port, and after long enumeration find a vulnerable host, all that is left to do is use the appropriate exploit and gain a shell on the machine.
If you noticed, you can see that I gained a shell on a similar-looking machine, but the computer name, connect-back IP and port are completely different and within the same subnet.