Hi guys, I already solved the lab without issue, but I try to redo it to focus more on the last part and pivoting, and have some problems.
Jumping directly to the last part I successfully got a Meterpreter session between me and the first target as you can see under active sessions section, also already set a route for the second target via the established session.
Now what I want to do is obtain a reverse Meterpreter session when exploiting the second target instead of a Meterpreter bind as done in the lab solution. The process explaining by the video “Exploiting via pivoting” to get a reverse shell and let all the traffic going from target 1 and target 2 don’t work anymore with newer version of Metasploit, so the only technique working is portfwd.
So I set a reverse portfwd rule on the first target so all connection received from the first target(192.140.224.3) on port 5555 will be redirected on my machine(192.140.224.2) on port 1234 and I also started a listener on my machine on port 1234
Now I configure the exploit options like this, the LHOST is naturally the first target and the LPORT is the port which I had portfwd. Now if I exploit it what would happen is that there will be a reverse connection between target1 and target2 on port 5555 of target1, but because there is a portfwd for port 5555 all the traffic will be redirected to my machine on port 1234 where there is an handler that I expect would give me a Meterpreter session. How you can see from the last screenshot the exploit send the stager and give no session. Im doing something wrong that I cannot see? or am I missing something? or is an issue with the lab?
Anyway using the bind payload and this configuration the exploit work, so I’m sure is a pivoting problem or a lab issue.