LAB Client-Side Exploitation


Hi everyone.

I just completed the lab “Client-Side Exploitation” of Penetration Test Professional (Network Security section), but I have some dubts about the solutions.

The solutions says that it is not possible use the reverse_tcp for exploiting the demo1.ine.local machine. Anyway, I obtained a reverse_tcp meterpreter shell.

I think was possible because of I used the autoroute Metasploit module, the solutions used the autoroute Meterpreter command. I think this is the difference for different behaviour.

Can someone confirm me this or explain me the situation?

Thank you to everyone.

Kind regards.

You are correct. Due to basic networking in the scenario of the lab, the “demo1.ine.local” would not be accessible, normally. However, using the ‘autoroute’ functionality would enable the access necessary to gain the reverse callback.