Let's say that you have compromised one machine on a network and you want to keep going to another machine. You will use the first machine as a staging point/plant/foothold to break into machine 2. Thid technique of using one compromised machine to access another is called pivoting. Machine one is the `pivot` in the example. The `pivot` is just used as a way to channel/tunnel our attack.
#### Ipconfig
We are looking for machines that have at least THREE network interfaces (loopback, eth0, and eth1 (or something)). These machines are connected to other networks, so we can use them to pivot.
```
# Windows
ipconfig /all
route print
#Linux
ifconfig
ifconfig -a
```
## Metasploit
### Ping-sweep the network
First we want to scan the network to see what devices we can target. In this example we already have a meterpreter shell on a windows machine with SYSTEM-privileges.
```
meterpreter > run arp_scanner -r 192.168.1.0/24
```
This command will output all the devices on the netowork.
### Scan each host
Now that we have a list of all available machines. We want to portscan them.
We will to that portscan through metasploit. Using this module:
```
use auxiliary/scanner/portscan/tcp
```
If we run that module now it will only scan machines in the network we are already on. So first we need to connect us into the second network.
On the already pwn machine we do
```
ipconfig
```
Now we add the second network as a new route in metasploit. First we background our session, and then do this:
```
# the ip addres and the subnet mask, and then the meterpreter session
route add 192.168.11.1 255.255.255.0 1
```
Now we can run our portsanning module:
```
use auxiliary/scanner/portscan/tcp
```
### Attack a specific port
In order to attack a specific port we need to forwards it like this
