Metasploit mailing list archives

Reverse Connections through a Compromised Host


From: "Demetris Papapetrou" <dpapapetrou () internalaudit gov cy>
Date: Thu, 22 Jan 2015 12:07:24 +0200

Dear list members,

When I try to exploit a machine via an already established pivot point on a
compromised host and set the payload to meterpreter/reverse_tcp, I get the
following message during exploitation:

[*]  Started reverse handler on [compromised host] via the meterpreter on session [pivot session]

This means that somehow Metasploit, or more specifically meterpreter, opens
some kind of a listener on the compromised host which receives the
reverse_tcp connection and forwards it through the pivot session to the
attacker's machine.

What I would like to know is which part of Metasploit/Meterpreter is
responsible for this listener/forwarding functionality and whether I could
use it outside of an exploit attempt (e.g. as a standalone listener service
that backdoors on other machines with no direct access to the Internet could
use to reach me)?

Thank you all in advance for your replies.

Demetris