PIVOTING

  • Use the hacked device as a pivot.
  • Try to gain access to other devices in the network.

Tool: Metasploit - AUTOROUTE Module

Target: Metasploitable VM

  • Set up a route between hacker and hacked device.
  • Gives hacker access to devices on the network.
  • Use Metasploit exploits auxiliaries ...etc

1. Use it

use post/multi/manage/autoroute

2. Set subnet of the target network

set subnet [subnet]

3. Set Session id.

set session [id]

4. exploit

exploit

Then you can exploit Metasplotable VM now.

For more information about Pivoting, please refer to:

https://www.offensive-security.com/metasploit-unleashed/pivoting/

Ethical Hacking - POST EXPLOITATION(4)的更多相关文章

  1. Ethical Hacking - POST EXPLOITATION(3)

    Spying - Capturing Key Strikes & Taking Screen Shots Log all mouse/keyboard events > keyscan- ...

  2. Ethical Hacking - POST EXPLOITATION(2)

    MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead ...

  3. Ethical Hacking - POST EXPLOITATION(1)

    METERPRETER BASICS >help - shows help >background - backgrounds current session >sessions - ...

  4. Ethical Hacking Tutorials

    Ethical Hacking Tutorials Free Ethical Hacking Tutorials https://www.guru99.com/ethical-hacking-tuto ...

  5. Ethical Hacking - Overview

    Hacking is gaining unauthorized access to anything. Preparation Setting up a lab and installing need ...

  6. Ethical Hacking - Web Penetration Testing(3)

    EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable fil ...

  7. Ethical Hacking - GAINING ACCESS(22)

    CLIENT SIDE ATTACKS - BeEf Framework Browser Exploitation Framework allowing us to launch a number o ...

  8. Python Ethical Hacking - Basic Concetion

    What is Hacking? Gaining unauthorized access. Hackers? 1.Black-hat Hackers 2.White-hat Hackers 3.Gre ...

  9. Ethical Hacking - GAINING ACCESS(4)

    SERVER SIDE ATTACKS - METASPLOIT Metasploit is an exploit development and execution tool. It can als ...

随机推荐

  1. OS_进程调度:C++实现

    实验二.进程调度模拟实验 一.实验目的: 本实验模拟在单处理机环境下的处理机调度,帮助理解进程调度的概念,深入了解进程控制块的功能,以及进程的创建.撤销和进程各个状态间的转换过程. 二.实验内容: 进 ...

  2. JavaWeb网上图书商城完整项目--day02-14.登录功能的login页面处理

    1.现在注册成功之后,我们来到登录页面,登录页面在于 在登录页面.我们也需要向注册页面一样对登录的用户名.密码 验证码等在jsp页面中进行校验,校验我们单独放置一个login.js文件中进行处理,然后 ...

  3. java web20套项目

    http://shenghuo.lshou.com/c4154/t5bdbcc98b9a9.html

  4. Spring:一、基本模块思维导图

  5. jfinal运行时报错分析java.lang.ClassNotFoundException: com.sun.faces.config.ConfigureListener

    这里解释一下,我用maven jetty运行没啥问题的项目,当我切换tomcat时候出现如下错误. 问题1. - jar not loaded. See Servlet Spec 3.0, secti ...

  6. 使用TimerTask创建定时任务

    使用TimerTask创建定时任务,打包之后应用于linux系统 step1:创建java项目 step2:代码实现 定时任务实现类CreateTask.java是打印操作者的名字 配置准换类Conf ...

  7. Pikachu靶场SQL注入刷题记录

    数字型注入 0x01 burp抓包,发送至repeater 后面加and 1=1,and 1=2 可判断存在注入 0x02 通过order by判断字段数,order by 2 和order by 3 ...

  8. DOM-BOM-EVENT(1)

    1.DOM简介 DOM(Document Object Model)即文档对象模型,是HTML和XML文档的编程接口.它提供了对文档的结构化的表述,并定义了一种方式可以使得从程序中对该结构进行访问,从 ...

  9. 恕我直言你可能真的不会java第10篇-集合元素归约

    Stream API为我们提供了Stream.reduce用来实现集合元素的归约.reduce函数有三个参数: Identity标识:一个元素,它是归约操作的初始值,如果流为空,则为默认结果. Acc ...

  10. 六.url配置

    1.Django 如何处理一个请求 (1). django 加载 ROOT_URLCONF(settings.py中配置的) 指定的模块,并寻找可用的urlpatterns变量.它是 django.c ...