Double pivoting with Meterpreter


Hello folks,

Today we will talk about double pivoting using Meterpreter shell sessions.
I will focus only on pivoting and some related techniques, without exploitation, because that is not our topic today.

First, this is our topology:

Our machine, Kali Linux, acts as the attacker and has IP =

The next Win7 machine acts as the first pivot point and has 2 NICs: first IP is = 2nd IP is =

The next Win7 machine acts as the second pivot point and has 2 NICs: first IP is = 2nd IP is =

And lastly, our target, Metasploitable, has only one IP =

First, as I said before, how we gained access to the machine is not my concern today. Assume that you found an exploit for the first Win7 target and used it to get a Meterpreter shell. Now that we have a Meterpreter shell, we use the command ipconfig to list the network cards of this machine and see how many networks it is connected to.

As we see, and as I told you before, we have 2 NICs: first IP is = 2nd IP is =

So we need to access the other network, the one we are not directly connected to.

So we will use the command #run autoroute -s
 then check the routing table with #run autoroute -p

Now you are ready to access the network, but only from inside Metasploit. I already know there is another target with that IP (second pivot point).

So I will build a Meterpreter payload with msfvenom as a bind shell to get Meterpreter, and configure a handler to receive the connection for the second target.



Also, check the NICs via #ipconfig

Oh, there is a third network connected to the machine 😀 as we see. OK, let's route it.

Now we can access the remote network, and as I said, so far we can access it only from inside Metasploit. You will find many post and auxiliary modules that work for you; for example, I will use post/ping_Sweep, which performs local network discovery 🙂

As we see here, we found many IPs, including the Metasploitable machine. So what about using another auxiliary module to check which ports are open on this machine, as lovely Nmap does 🙂


As we see here, many ports are open, so you can decide which port to choose to start attacking its services 😀 If you are a web PT, I know you will look at port 80, and if you are a network PT, maybe you will look at port 21 or 22 to try a brute-force attack.
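Seen from the defender's side, the ping sweep and port scan above reach the inner networks with each pivot machine's second NIC as the source address. The following is an added example, not part of the original post: it flags multi-homed hosts that fan out from one NIC shortly after an inbound connection on another NIC, using a constructed asset inventory, constructed flow records and assumed thresholds (WINDOW, FANOUT).

```python
from collections import defaultdict

# Constructed asset inventory (assumption): hostname -> address of each NIC.
HOSTS = {
    "ws-01": {"10.0.1.20", "10.0.2.20"},
    "ws-02": {"10.0.2.30", "10.0.3.30"},
    "srv-01": {"10.0.3.40"},
}

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port); port 0 = ICMP.
SCANNED_PORTS = (21, 22, 23, 25, 80, 139, 445, 3306, 5432, 8180)
FLOWS = [
    (100, "10.0.1.5", "10.0.1.20", 4444),                  # session into ws-01
    *[(160 + i, "10.0.2.20", f"10.0.2.{i}", 0) for i in range(1, 41)],  # sweep
    (400, "10.0.2.20", "10.0.2.30", 4444),                 # ws-01 reaches ws-02
    *[(460 + i, "10.0.3.30", "10.0.3.40", p) for i, p in enumerate(SCANNED_PORTS)],
    (900, "10.0.3.40", "10.0.3.30", 445),                  # ordinary traffic
]

WINDOW = 600   # seconds after an inbound connection during which fan-out counts
FANOUT = 10    # distinct (dst_ip, dst_port) pairs treated as a sweep or scan


def owner(ip):
    """Return the inventory hostname that owns ip, or None if unknown."""
    return next((host for host, ips in HOSTS.items() if ip in ips), None)


def find_relays(flows, window=WINDOW, fanout=FANOUT):
    """Flag multi-homed hosts that fan out from one NIC shortly after an
    inbound connection arrived on a different NIC of the same host."""
    inbound = defaultdict(list)   # host -> [(time, nic_ip that was contacted)]
    targets = defaultdict(set)    # host -> {(dst_ip, dst_port)} seen in window
    for ts, src, dst, port in sorted(flows):
        src_host, dst_host = owner(src), owner(dst)
        if dst_host and dst_host != src_host and len(HOSTS[dst_host]) > 1:
            inbound[dst_host].append((ts, dst))
        if src_host and any(nic != src and 0 <= ts - t <= window
                            for t, nic in inbound[src_host]):
            targets[src_host].add((dst, port))
    return {host: len(t) for host, t in targets.items() if len(t) >= fanout}


if __name__ == "__main__":
    for host, count in find_relays(FLOWS).items():
        print(f"{host}: {count} distinct targets after inbound session on another NIC")
```

On the constructed data both dual-homed workstations are flagged, while the single inbound connection from srv-01 is not.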

Whichever port you need, what if you need to access it locally? For example, you need to access port 80 on Metasploitable through your local web browser. This is very easy: you use a port forward, so let's forward port 80.


From the last Meterpreter session we use the command

#portfwd add -L XmyIPX -l Xmy-localport-listen-to-remote-portX -p Xremote port i need to accessX -r Xremote host IPX

Then you can access it from your browser like this:

Now we have finished the examples of using Metasploit auxiliary and post modules and port forwarding. What if you need to use tools outside Metasploit, such as Nmap? For that we need a module called socks4a, and we need to configure proxychains.

First we use /server/socks4a


When that is finished, the command #jobs will show 2 jobs for the SOCKS proxies.

Now you need to configure the proxychains file.

Here I forgot to take screenshots 😀 of the config file, but it's very easy.

You just put 2 lines in the file:

socks4 1080

socks4 1090

And don't forget to save it.

Now your proxychains is ready to use, so let's try it.

It works fine with Nmap, without problems.
In my case, I use proxychains4, which is better than normal proxychains.


In conclusion

I would like to thank Ebrahim Kadhi and Eslam Medhat.
Now we are finished, and I hope you like my topic.


