Dynamic Port Redirection (Meterpreter)

So let's say you have a shell on a machine that you gained access to over the WAN (not the LAN; those are two totally different things). You've gained root, but now you are interested in checking out your target's local network. This is where port redirection comes in handy.


Tools we will use:

  • Metasploit
  • Nmap
  • Proxychains
  • Nano
  • Patience

Let's start with your shell. Everything here uses the post modules in Metasploit, so be sure to upgrade your shell to a Meterpreter shell.


Screenshot from 2018-07-15 00-34-32

Since Meterpreter scripts are deprecated, it's best to use the post modules in Metasploit. The autoroute module will automatically add routes for the target's other wireless cards or Ethernet connections. It's simple to use: background your session, then type use post/multi/manage/autoroute, set the SESSION and run.

Screenshot from 2018-07-23 00-50-25

Next we'll need to run the socks4a auxiliary server. Just remember to add its SRVPORT to your proxychains.conf file, located at /etc/proxychains.conf.


Screenshot from 2018-07-23 20-58-22

You have two options here: use the port scanner in Metasploit by typing use auxiliary/scanner/portscan/tcp, or, another nice option, use nmap in combination with proxychains by running proxychains nmap <ip>.
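As an added example (not code from the original post), a small Python check for the proxychains step above: it parses the [ProxyList] section of proxychains.conf and confirms an entry points at the host and SRVPORT the Metasploit socks4a server is listening on, which is the usual reason a proxychains scan silently reaches nothing. The config text below is a constructed sample, and SRVPORT 1080 is an assumed value.

```python
from typing import List, Tuple

# Constructed sample of /etc/proxychains.conf (not taken from the post).
# The stock entry still points at port 9050 (Tor's default), while the
# assumed socks4a server in Metasploit was started on SRVPORT 1080.
SAMPLE_CONF = """\
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# add proxy here ...
socks4 127.0.0.1 9050
"""

ProxyEntry = Tuple[str, str, int]  # (type, host, port)

def parse_proxy_list(conf_text: str) -> List[ProxyEntry]:
    """Return the (type, host, port) entries under [ProxyList], ignoring comments."""
    entries: List[ProxyEntry] = []
    in_list = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        if line.startswith("["):
            in_list = line.lower() == "[proxylist]"
            continue
        if not in_list:
            continue
        parts = line.split()
        if len(parts) < 3 or not parts[2].isdigit():
            continue  # malformed entry; skip it rather than guess
        entries.append((parts[0].lower(), parts[1], int(parts[2])))
    return entries

def check_socks_port(conf_text: str, srvport: int, srvhost: str = "127.0.0.1") -> Tuple[bool, str]:
    """Report whether some SOCKS entry matches the Metasploit server's host and port."""
    entries = parse_proxy_list(conf_text)
    if not entries:
        return False, "no proxy entries under [ProxyList]"
    for ptype, host, port in entries:
        if ptype.startswith("socks") and host == srvhost and port == srvport:
            return True, f"ok: {ptype} {host}:{port} matches SRVPORT {srvport}"
    listed = ", ".join(f"{t} {h}:{p}" for t, h, p in entries)
    return False, f"no entry for {srvhost}:{srvport}; found: {listed}"

if __name__ == "__main__":
    print(check_socks_port(SAMPLE_CONF, srvport=1080)[1])  # mismatch: still 9050
    fixed = SAMPLE_CONF.replace("socks4 127.0.0.1 9050", "socks4 127.0.0.1 1080")
    print(check_socks_port(fixed, srvport=1080)[1])        # ok after editing the entry
```

One caveat worth knowing: proxychains works by hooking the libc connect() call, so only TCP connect-style traffic (nmap -sT, with -Pn because ICMP is not relayed) actually travels through the SOCKS server; raw-socket scan types leave from your own host instead.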


Screenshot from 2018-07-23 21-03-27

Note: You will run into a firewall, so a good tip is to use scripts or different scan types, like a zombie scan or decoys, to avoid it and find OPEN ports. Usually you will get filtered ports, which means you are on the right track, but change the scan type so you get a different result, or possibly a banner, which helps a lot!

When you encounter an open port and, after much long enumeration, find a vulnerable host, all that's left to do is use the appropriate exploit and gain a shell on the machine.

Screenshot from 2018-07-23 00-58-38

If you noticed, you can see that I gained a shell on a similar-looking machine, but if you look at the computer name, connect-back IP and port, they are completely different and within the same subnet.

dmcxblue

Infosec Hobbyist, Wanna be Red-Teamer, Pentester Dreamer
OSCP | OSWP
GED- In Progress
