Post Exploitation Pivoting

Hi,
I am doing the PTP Post Exploitation Lab. I got a meterpreter shell on 10.32.120.15 with a backdoor that was installed on the machine. I started enumerating the machine locally and I found FTP credentials and the FTP server IP (10.32.121.23). The FTP server was on another subnet. I ran “run autoroute -s 10.32.121.0/24” and now I am able to scan the 10.32.121.23 machine from Metasploit. I got information about another subnet from FileZilla files. When I run the “route” command on the exploited machine (10.32.120.15) there is no route to the 10.32.121.0/24 subnet. I might be asking a stupid question, but how does the exploited machine have access to the 10.32.121.0/24 subnet when I can’t see a route to the 10.32.121.0/24 network from the “route” command?

Thank you.

Can you screenshot what you get when you run the “route” command?

Could be no static route added manually and might be using the default route (gateway) to communicate with the other subnets. But ideally there should be at least one entry shown when you run the route command.

Thank you for the responses. Here is the output of the “route” command on the 10.32.120.15 machine:


@jaa @jmason-joshua17sc

It is using the default gateway (the first entry) to access the 10.32.121.0/24 subnet. No other static route entries are configured on the machine.

Yes, I remember that I learned about the default route. I should pay more attention to networking. Sorry for the dumb question. Thank you.

Doubts are not at all dumb. We are all learning and trying to help each other. Best wishes.

1 Like
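
The default-route behaviour explained in the thread, as an added example that is not part of any post: a longest-prefix-match lookup over a constructed routing table, showing why 10.32.121.23 is reachable with no 10.32.121.0/24 entry. The table rows and the gateway 10.32.120.1 are assumptions, not the contents of the screenshot.

```python
import ipaddress

# Constructed sample table (destination, netmask, gateway); NOT the output
# from the thread's screenshot. The gateway 10.32.120.1 is an assumption.
SAMPLE_ROUTES = """\
0.0.0.0        0.0.0.0          10.32.120.1
10.32.120.0    255.255.255.0    on-link
127.0.0.0      255.0.0.0        on-link
"""

def parse_routes(text):
    """Turn 'destination netmask gateway' rows into (network, gateway) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        dest, mask, gateway = fields
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((network, gateway))
    return routes

def lookup(routes, address):
    """Longest-prefix match: the most specific route containing address wins."""
    addr = ipaddress.ip_address(address)
    candidates = [(net, gw) for net, gw in routes if addr in net]
    if not candidates:
        return None  # no matching entry and no default route: unreachable
    return max(candidates, key=lambda r: r[0].prefixlen)

def describe(routes, address):
    """One-line summary of which table entry carries traffic to address."""
    match = lookup(routes, address)
    if match is None:
        return f"{address}: no route"
    net, gw = match
    kind = "default route" if net.prefixlen == 0 else "specific route"
    return f"{address}: {kind} {net} via {gw}"

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for target in ("10.32.120.15", "10.32.121.23"):
        print(describe(table, target))
```

With the default-route row removed from the table, the lookup for 10.32.121.23 returns no match, which is the situation the original question assumed.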