Simulated internal network pivoting attack using Metasploit to access a system that is not directly reachable, via a compromised Windows machine.
This project demonstrates a network pivoting attack in a controlled lab environment. The objective was to access an internal system that was not directly reachable from the attacker machine by leveraging a compromised Windows system.
The goal was to simulate a real-world internal network penetration testing scenario using pivoting techniques and to gain access to an isolated target machine.

Lab machines:
- Attacker Machine: Kali Linux
- Pivot Machine: Windows 10
- Target Machine: Metasploitable

Network layout:
- Kali ↔ Windows: 192.168.x.x
- Windows ↔ Target: 10.x.x.x
- No direct access between Kali and Target
A reverse connection payload was generated and executed on the Windows machine, resulting in a remote session.
(Payload details have been generalized for security reasons)
The compromised Windows system was configured as a pivot point to access the internal network using Metasploit routing techniques.
Internal hosts and services were identified using scanning modules through the established pivot.
Discovered Services:
- FTP (21)
- SSH (22)
- Telnet (23)
- HTTP (80)
- SMB (139, 445)
A known vulnerability in the SMB/Samba service was leveraged to gain access to the internal target system.
(Exploit module details intentionally limited)
After successful exploitation:
- Command execution was achieved
- User privileges were verified
- Administrative/root-level access was obtained

Results:
- Successfully bypassed network segmentation
- Accessed internal system via pivoting
- Gained full control over the target machine

Recommended mitigations:
- Apply regular security patches
- Disable unnecessary services (e.g., SMB if not required)
- Implement network segmentation and monitoring
- Use endpoint detection and response (EDR) solutions
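
For the monitoring and EDR items above, a detection sketch added here as an example (not code from this project): it correlates per-host network telemetry to flag a machine that fans out across service ports on the internal segment while holding a long-lived session to an address outside it. The host names, addresses, port 8443 and both thresholds are constructed assumptions, not values from the lab.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL_SEGMENT = ip_network("10.10.10.0/24")  # constructed stand-in for the 10.x.x.x segment
PORT_FANOUT_THRESHOLD = 4   # assumed: distinct internal service ports per host per window
LONG_SESSION_SECONDS = 600  # assumed cutoff for a "long-lived" session

# Constructed endpoint telemetry for one time window:
# (reporting host, destination IP, destination port, connection duration in seconds)
FLOWS = [
    ("WIN10-LAB", "192.168.56.10", 8443, 1800),  # long session leaving the internal segment
    ("WIN10-LAB", "10.10.10.5", 21, 1),
    ("WIN10-LAB", "10.10.10.5", 22, 1),
    ("WIN10-LAB", "10.10.10.5", 23, 1),
    ("WIN10-LAB", "10.10.10.5", 80, 1),
    ("WIN10-LAB", "10.10.10.5", 139, 1),
    ("WIN10-LAB", "10.10.10.5", 445, 1),
    ("FILESRV-CLIENT", "10.10.10.5", 445, 40),   # ordinary file-share use
    ("FILESRV-CLIENT", "192.168.56.1", 443, 5),
    ("ADMIN-WS", "10.10.10.5", 22, 900),         # long admin SSH session, single port
]

def find_pivot_candidates(flows):
    """Return {host: finding} for hosts that touch many internal service ports
    while also holding a long-lived session to a non-internal address."""
    internal_ports = defaultdict(set)
    long_sessions = defaultdict(list)
    for host, dst, port, duration in flows:
        if ip_address(dst) in INTERNAL_SEGMENT:
            internal_ports[host].add(port)
        elif duration >= LONG_SESSION_SECONDS:
            long_sessions[host].append((dst, port))
    findings = {}
    for host, ports in internal_ports.items():
        # Either signal alone is common (admins, file shares); together they
        # match the scan-through-a-pivot pattern (T1046 carried over T1090).
        if len(ports) >= PORT_FANOUT_THRESHOLD and long_sessions[host]:
            findings[host] = {
                "internal_ports": sorted(ports),
                "long_sessions": long_sessions[host],
                "attack_ids": ["T1046", "T1090"],
            }
    return findings

if __name__ == "__main__":
    for host, finding in find_pivot_candidates(FLOWS).items():
        print(host, finding)
```

Tune both thresholds against a baseline of normal traffic before alerting on this in production, since vulnerability scanners and management servers legitimately show the same fan-out.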

MITRE ATT&CK mapping:

| Technique ID | Name |
|---|---|
| T1090 | Proxy / Pivoting |
| T1046 | Network Service Scanning |
| T1210 | Exploitation of Remote Services |
| T1021 | Remote Services |
| T1059 | Command and Scripting Interpreter |
This project was conducted in a controlled lab environment for educational and ethical purposes only. Do not attempt these techniques on unauthorized systems.



