As part of initial enumeration or post-exploitation, you may find a router on the network or an additional interface located on the newly compromised device. Ok but so what? Well often your entry point is not necessarily your ultimate target, and so you want investigate whether you can move from your current location to access another part of the network or perhaps an entirely different network that may have previously been inaccessible. In this case, you will need to “pivot” to enumerate the additional access to the new network and start the process all over again.
Pivoting is the practice of moving from one identified network to the next. Pivoting often occurs whenever an additional IP address/network is discovered on an exploited host. There are multiple ways to pivot (autoroute, route add, port forwarding, proxy chains, plink.exe, ssh, etc.).
The preferred method is with autoroute using Meterpreter. Upon successfully exploiting a host with an additional network interface, you can use the following command to forward all traffic through the newly exploited host.
- meterpreter > run autoroute -s 172.16.6.0/24
There will be times when you are on a network and you will need to create a static route to another network. Should you identify another router on a network or you want to use a different default gateway, you can use the route command.
First, you may want to review the current routes that may already exist. You can use route by itself or route-n.
# route -n
To add a default route to a new network using the newly identified router (default gateway) you can simply input the following command:
# route add default gw 192.168.6.0 eth0