Need help regarding pivoting

Hello,

I need help regarding pivoting. How do you know that there are further machines to pivot? In the enumeration phase of the post-exploitation phase, in this lab: INE, after having compromised the first machine, ipconfig only reveals only one Interface like in this screenshot

In this case, how would I know that there is another machine in the network only accessible through machine 1?

Thank in advance!

Hi. This lab is kinda confusing I admit. In this lab, it is assumed that we have knowledge of the second host IP (i.e. given at the start of the pentest).

With this knowledge and the fact it is a /20 subnet, we know that the second target is in the same subnet as the first target was, but we cannot connect from our Kali machine - maybe because of a firewall or rule that only allows traffic from that subnet.

Therefore, we can use the meterpreter shell as a hop to get further into the network.

It was kinda confusing for me too, but I hope that helped. In short, there is only one network adapter that is part of a /20 subnet that we are given at the start, therefore we simply route through it. In real scenarios, there may be two network interfaces or it may be the same scenario as here.

I no longer have access to the INE labs though I’ve completed the eCPPTv2 so I can’t tell you specifically. But, in general you can find other machines with a quick arp scan command or a TCP scan (usually done after a route is setup in meterpreter if it’s on another subnet). Also good to look at active connections with things like netstat to see if there are any other machines. If you try all of these and you still don’t see another machine in this lab you just go off of it being mentioned in the Lab guidelines similar to how a client might specify which targets are in your scope.