Pivoting is a method of reaching a machine that cannot be accessed directly by going through an intermediary. The attacker compromises a visible server and then pivots, using the compromised server to attack other clients from within the network.
The above figure illustrates this. The attacker compromises a server or machine that is exposed to the internet, then uses that machine as an intermediary to gain access to the other machines connected to that network.
Let us look at a scenario that exploits pivoting. Assume we have two networks:
- 192.168.1.0/24, which has been compromised by the hacker.
- An internal network, 10.10.10.0/24, which is not reachable from the internet.
Let us understand how it works by exploiting a Windows Server 2003 host with the DCOM vulnerability:
- After gaining access, interact with the session using sessions -i 1. Here "1" is the id of the session that was created.
- Next, check whether the host is connected to any other networks, using the ipconfig or ifconfig command (depending on the system).
- Now that we know there are other clients on the network, we can continue.
- We all know how wonderful Metasploit is! Metasploit has an AutoRoute script that lets us attack the second network using our first machine as the intermediary, but before running it we have to send our session to the background.
- Now add the route to the internal network with the range obtained from the ipconfig output.
- Now, using a ping command, you can confirm that you have access to the whole network.
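A defensive angle on the scenario above: every packet the attacker sends through the added route leaves the compromised 192.168.1.0/24 host, so a sweep of 10.10.10.0/24 shows up in flow or firewall logs as that DMZ host fanning out to many internal addresses it never normally talks to. The Python below is an added example, not code from the original page; the flow-log format, the sample lines and the fan-out threshold are constructed for illustration.

```python
"""Flag a DMZ host fanning out into the internal network, the pattern a
pivot produces when 10.10.10.0/24 is swept from a 192.168.1.0/24 host.
Added example; the flow-log format below is constructed, not a real product's."""
import ipaddress
from collections import defaultdict

DMZ_NET = ipaddress.ip_network("192.168.1.0/24")      # internet-facing segment
INTERNAL_NET = ipaddress.ip_network("10.10.10.0/24")  # not reachable from the internet
FANOUT_THRESHOLD = 5  # distinct internal hosts contacted before we alert (assumed value)

# Constructed sample flows: "<timestamp> <src> <dst> <proto>"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 203.0.113.7 192.168.1.10 tcp/80
2024-01-01T10:00:05 192.168.1.10 10.10.10.1 icmp
2024-01-01T10:00:05 192.168.1.10 10.10.10.2 icmp
2024-01-01T10:00:05 192.168.1.10 10.10.10.3 icmp
2024-01-01T10:00:06 192.168.1.10 10.10.10.4 icmp
2024-01-01T10:00:06 192.168.1.10 10.10.10.5 icmp
2024-01-01T10:00:06 192.168.1.10 10.10.10.6 tcp/445
2024-01-01T10:00:07 192.168.1.20 10.10.10.50 tcp/443
2024-01-01T10:01:00 10.10.10.50 10.10.10.51 tcp/445
"""

def parse_flow(line):
    """Return (src, dst, proto) with ip_address objects, or None for malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]), parts[3]
    except ValueError:
        return None

def find_pivot_candidates(flow_text, threshold=FANOUT_THRESHOLD):
    """Map each DMZ source to the set of internal hosts it initiated flows to,
    and return {source: fan-out count} for sources at or above the threshold."""
    fanout = defaultdict(set)
    for line in flow_text.splitlines():
        parsed = parse_flow(line)
        if parsed is None:
            continue
        src, dst, _proto = parsed
        # Only DMZ -> internal flows count; internal -> internal is expected traffic here
        if src in DMZ_NET and dst in INTERNAL_NET:
            fanout[src].add(dst)
    return {str(src): len(dsts) for src, dsts in fanout.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    for src, count in find_pivot_candidates(SAMPLE_FLOWS).items():
        print(f"ALERT: DMZ host {src} reached {count} distinct internal hosts")
```

The same fan-out check works on any source that should only accept inbound connections; lowering the threshold trades alert volume for earlier warning.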
Also check this payload in Metasploit,