Metasploit mailing list archives

Tunnel through owned target?


From: jsawyer at ufl.edu (John Sawyer)
Date: Thu, 5 Feb 2009 00:27:21 -0500

Check out portfwd and route. Route is really more for pivoting like
what you're referring to, but portfwd can be useful, too. Here are some
links that cover each of them.

Video demo of route in action
http://www.screencast.com/users/huperdefigo/folders/Default/media/4d302b6c-9e5b-4efb-bb5c-83fcc35dfc1d

Pivoting with route
http://carnal0wnage.blogspot.com/2007/09/using-metasploit-to-pivot-through.html

Example of portfwd and brief info on route
http://hkashfi.blogspot.com/2008/04/bypassing-firewalls-with-port.html

-jhs


2009/2/4 Taras P. Ivashchenko <naplanetu at gmail.com>
Hello, list!

In pentesting (especially internal) it is a usual situation that access
to some subnet is allowed only for a few hosts (admins). And it would be great
if there were some payload to make a tunnel through owned hosts for using
other modules. For example, to scan ports on some host through an owned
one. Is there such functionality in Metasploit?

P.S. In Core Impact there is the same possibility to run all modules through
an installed agent on the target host.