Linux Exploitation: Lab 3 - Remote Exploitation and Post Exploitation -- Reverse relaying issue

Hi guys, I already solved the lab without issue, but I am trying to redo it to focus more on the last part and pivoting, and I am having some problems.

Jumping directly to the last part, I successfully got a Meterpreter session between me and the first target, as you can see under the active sessions section, and I also already set a route for the second target via the established session.

Now what I want to do is obtain a reverse Meterpreter session when exploiting the second target instead of a Meterpreter bind as done in the lab solution. The process explained in the video “Exploiting via pivoting” to get a reverse shell and route all the traffic between target 1 and target 2 doesn’t work anymore with newer versions of Metasploit, so the only technique working is portfwd.

So I set a reverse portfwd rule on the first target so that all connections received from the first target (192.140.224.3) on port 5555 will be redirected to my machine (192.140.224.2) on port 1234, and I also started a listener on my machine on port 1234.

Now I configure the exploit options like this: the LHOST is naturally the first target and the LPORT is the port I set the portfwd on. Now if I exploit it, what should happen is that there will be a reverse connection between target1 and target2 on port 5555 of target1, but because there is a portfwd for port 5555 all the traffic will be redirected to my machine on port 1234, where there is a handler that I expect would give me a Meterpreter session. As you can see from the last screenshot, the exploit sends the stager and gives no session. Am I doing something wrong that I cannot see? Or am I missing something? Or is it an issue with the lab?

Anyway, using the bind payload and this configuration the exploit works, so I’m sure it is a pivoting problem or a lab issue.

It’s not a lab issue, it’s your tunneling. You’re not using the tunnel in both directions, so it’s not going to work. You need both a forward port forward and a reverse port forward.

A forward portfwd between who?