Lateral Movement and Pivoting
Lateral movement allows the penetration tester to move further into the targeted network, discovering additional assets and exploiting security vulnerabilities on remote systems, with the intent of stealing confidential data and expanding a foothold. Many organizations segment their networks with routers and firewalls to prevent cyber-attacks and threats from propagating through the organization. However, there are various host devices that are configured with a dual-homed network connection, which allows the host to be connected to two different IP networks at the same time.

Our target will be the Blue VM first. Fire up the Blue VM and the Kali machine. Exploit the Blue VM and get a shell using the MS17-010 exploit.

On the Meterpreter session, use the arp command to view the entries within the Address Resolution Protocol (ARP) cache of the compromised target. The ARP cache contains a list of IP-to-MAC address bindings of all the host devices that recently transmitted a message between themselves and the compromised host:

    meterpreter> arp

We can see that the target machine is on two networks: one is the NAT network, PENTEST-NET (192.168.83.0/24), and the other is PIVOT-NET (172.30.1.0/24).

Next, use the ipconfig command within Meterpreter to view a list of network adapters and their IP addresses ...
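
The dual-homed condition described above is also something a defender can audit for before it becomes a path between segments. The following is an added example, not part of the original page: it reads a constructed interface inventory (the hostnames, interface names and host addresses are assumptions; only the two subnets come from the page) and reports hosts with addresses in more than one segment.

```python
import ipaddress
from collections import defaultdict

# Segments named on the page; the labels follow the page's PENTEST-NET / PIVOT-NET.
SEGMENTS = {
    "PENTEST-NET": ipaddress.ip_network("192.168.83.0/24"),
    "PIVOT-NET": ipaddress.ip_network("172.30.1.0/24"),
}

# Constructed inventory export (hostname,interface,address); not real data.
SAMPLE_INVENTORY = """\
blue,Ethernet0,192.168.83.130
blue,Ethernet1,172.30.1.20
blue,Loopback,127.0.0.1
kali,eth0,192.168.83.128
fileserver,Ethernet0,172.30.1.25
fileserver,Ethernet0,fe80::1c2a:3bff:fe4d:5e6f
printer,eth0,not-an-address
"""

def segments_per_host(inventory_text, segments=SEGMENTS):
    """Map each host to the set of named segments its interfaces sit in."""
    seen = defaultdict(set)
    for line in inventory_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            continue  # skip blank or malformed rows
        host, _iface, raw = parts
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # unparseable address field
        if addr.is_loopback or addr.is_link_local:
            continue  # these never place a host on a routed segment
        for name, net in segments.items():
            if addr.version == net.version and addr in net:
                seen[host].add(name)
    return seen

def dual_homed_hosts(inventory_text, segments=SEGMENTS):
    """Return {host: sorted segment names} for hosts bridging 2+ segments."""
    per_host = segments_per_host(inventory_text, segments)
    return {h: sorted(s) for h, s in per_host.items() if len(s) >= 2}

if __name__ == "__main__":
    for host, nets in dual_homed_hosts(SAMPLE_INVENTORY).items():
        print(f"{host}: bridges {', '.join(nets)} - review forwarding and firewall rules")
```

Hosts the audit reports are the ones whose patching, host firewall rules and IP forwarding settings matter most to the segmentation boundary.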