Can the /exploit/multi/handler be used within a meterpreter session ?

[pussinboots1992]

In a scenario which involves 3 machines. The machine A, machine B and machine C.

Machine A is the attacker's machine, machine B has been compromised and can be used to pivot to machine C.

Machine C cannot talk to machine A directly.

Is it possible to start the /exploit/multi/handler on machine B to catch a reverse meterpreter shell from machine C and interact with it from machine A ? Without any port-forwarding...

Is running msfconsole through proxychains, making use of the autoroute module and SOCKS supported to achieve a similar result ?

[zeroSteiner]

Yeah take a look through our pivoting documentaiton. https://docs.metasploit.com/docs/using-metasploit/intermediate/pivoting-in-metasploit.html

You can basically have exploit/multi/handler start the listener via the session from machine-A to machine-B on machine-B. You'd then construct your payload to have machine-C connect to machine-B by setting LHOST to the IP address on machine-B. You'd be looking to use the ReverseListenerComm datastore option to do it explictily and is how I'd recommend you do it in this scenario, but you could also set a route.

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[github-actions]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.