Pivoting


Victim Machine 1 : 10.3.26.4
Victim Machine 2 : 10.3.25.199

I’ve gained access to victim 1. I then added the route to the subnet 10.3.0.0/20, but when running the portscan module I get nothing back.

Shouldn’t this (run autoroute -s 10.3.0.0/20) have opened up all options for the 10.3.x.x subnet? Why does the scan only work when I add a route for the subnet 10.3.26.0/20? I’m honestly not the best at subnetting, but I’d like to get better at it. It just makes sense to me to add a route using the first command I used, because in my mind that includes the address 10.3.25.x, whereas adding a route for 10.3.26.0/20 makes me feel as if it would go up from there. What I mean by that is that after the IP 10.3.26.255 in this subnet it would go to 10.3.27.0. I hope what I’m trying to explain makes sense. If anyone can help me make sense of this, I’d really appreciate it. When I asked for tips on taking the eJPT I was told to have a firm grasp on pivoting, so I really want to nail this.

I understand this is an error on my part due to my lack of understanding of subnetting. Any resources that can help me with this subject are much appreciated.

Heyyy!

I have not studied pivoting, but I do have some knowledge of subnetting.

In this case your network address would be 10.3.16.0. I’ll explain why:

Your netmask is /20, which is equivalent to 255.255.240.0, which in binary is 11111111.11111111.11110000.00000000. This means that the first 20 bits of your IP address are the ones that belong to the network.

If we take the first IP, 10.3.26.4/20, and convert it to binary (00001010.00000011.00011010.00000100), the first 20 bits are those that identify the network and the rest are those that identify the host.

00001010.00000011.00011010.00000100 → IP
11111111.11111111.11110000.00000000 → Mask

00001010.00000011.00010000.00000000 → Network, which is the result of passing the IP through the mask.

If we now take the result after passing the IP through the mask and convert it to decimal, we can see that 00001010.00000011.00010000.00000000 equals 10.3.16.0.

If you do the same process with the second IP, you will see that you get the same subnet.

I’ll leave you a website that can help you calculate it:

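The AND-through-the-mask step from the reply above, written out as a small Python script so you can check any address/prefix pair yourself. This is an added example, not code from either poster: the addresses are the two victims and the two /20 routes mentioned in the question, and the helper names (ip_to_int, network_of, contains, and so on) are my own. The stdlib ipaddress module is used only as a cross-check at the end.

```python
"""
Subnet arithmetic: network = address AND mask, host range = network .. network OR ~mask.
Added example for the thread above; the sample addresses are the ones from the question.
"""
import ipaddress


def ip_to_int(ip: str) -> int:
    """Pack a dotted quad such as '10.3.26.4' into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def dotted_binary(n: int) -> str:
    """Render a 32-bit value as four 8-bit groups, as in the reply's worked example."""
    bits = f"{n & 0xFFFFFFFF:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def prefix_to_mask(prefix: int) -> int:
    """/20 -> 0xFFFFF000, i.e. 255.255.240.0: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def _split(cidr: str) -> tuple[int, int]:
    ip, prefix = cidr.split("/")
    return ip_to_int(ip), int(prefix)


def network_of(cidr: str) -> str:
    """Canonical network for 'a.b.c.d/n': host bits cleared by ANDing with the mask."""
    addr, p = _split(cidr)
    return f"{int_to_ip(addr & prefix_to_mask(p))}/{p}"


def broadcast_of(cidr: str) -> str:
    """Last address of the block: host bits all set (OR with the inverted mask)."""
    addr, p = _split(cidr)
    return int_to_ip(addr | (~prefix_to_mask(p) & 0xFFFFFFFF))


def contains(cidr: str, host: str) -> bool:
    """True if `host` shares the first n bits with the block written as `cidr`."""
    addr, p = _split(cidr)
    mask = prefix_to_mask(p)
    return (ip_to_int(host) & mask) == (addr & mask)


def explain(cidr: str) -> str:
    """Reproduce the three-line AND layout from the reply for one address."""
    addr, p = _split(cidr)
    mask = prefix_to_mask(p)
    return "\n".join([
        f"{dotted_binary(addr)} -> IP      {int_to_ip(addr)}",
        f"{dotted_binary(mask)} -> Mask    {int_to_ip(mask)}",
        f"{dotted_binary(addr & mask)} -> Network {int_to_ip(addr & mask)}",
    ])


if __name__ == "__main__":
    victims = ["10.3.26.4", "10.3.25.199"]          # from the question
    routes = ["10.3.0.0/20", "10.3.26.0/20"]       # the two routes the poster tried
    for v in victims:
        print(explain(f"{v}/20"), end="\n\n")
    for r in routes:
        canon = network_of(r)
        print(f"{r} is really {canon}: {canon.split('/')[0]} .. {broadcast_of(r)}")
        for v in victims:
            print(f"   contains {v}? {contains(r, v)}")
    # Cross-check the hand-rolled arithmetic against the standard library.
    assert ipaddress.ip_network("10.3.26.4/20", strict=False) == ipaddress.ip_network("10.3.16.0/20")
```

Under standard CIDR semantics, 10.3.26.0/20 names the same block as 10.3.16.0/20 (10.3.16.0 through 10.3.31.255), which holds both victims, while 10.3.0.0/20 is 10.3.0.0 through 10.3.15.255 and holds neither. The host bits after the prefix are simply ignored when the block is matched, so there is no "counting up from 10.3.26.0"; the block always starts at the address with those bits cleared.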

Wow, I thought I was decent at subnetting, but it looks like I was way wrong. Thank you for this great explanation! I’ll admit it’s still hard to get my head completely around, but it’s not your explanation. It’s just a difficult subject to master. For me at least.
