I am currently doing an ethical engagement but need some assistance in regarding pivoting using Metasploit.
The environment consists of three machines, attacking Kali machine, Web Server and a Windows Server.
My attacking machine is a external machine hosted on a VPS. Both the Web Server and Windows Server are in their own internal network. The web server is connected to the attacking Kali machine using a Linux x86 reverse meterpreter TCP shell via port 80. After connecting I have ran commands to gain infromation including the ifconfig command. I then used the ‘post/multi/manage/autoroute’ to add the routes from my session. The module adds the routing information but I do not get any results when using ‘ARP scanner’ or the ‘Port Scanner’ modules.
Any ideas why this might be happening?