The following diagram of the actual attack path we will use for this demo. We are already on the 10.100.0.0/24 network and ready to pivot to 192.168.202.0/24.
Once we have exploited BO-SRV2, we can then use its interface on the 192.168.202.0/24 network to exploit hosts on that network. Some tools like db_nmap
do not work through this type of pivot. The command db_nmap
is calling an outside program, nmap,
to do the work, and the output of this outside application is imported in the data base. Nmap isn't a Metasploit module. The pivot we are using only allows Metasploit modules to run through this pivot. No worries. Metasploit comes with a lot of its own discovery tools that will work just fine through this pivot.
One way you could look at this method is that it builds on the information we got from the original exploit of the BO-SVR2 machine. With this being the case, we could have dropped a back-door on that server so we could come back at any time to further exploit...