PenTest+ Practice Tests Book - SYBEX
D. Metasploit is a tool for the development of exploits and the testing of them on live targets. The socks4a auxiliary is a module from within the framework. This auxiliary module provides a proxy server that uses Metasploit Framework routing to relay connections. So, using the use auxiliary/server/socks4a module allows a tester to access a private network from the Internet.
Don't think this is right. Probably A is correct. - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/server/socks4a.md
It will be socks4a that will create a session through the internet. (the question says access the network.) It will not be autoroute because that will help you pivot to another computer in the network. Meaning you are already in.
Once you got access to a perimeter box that has 2 NIC (1 for internal network and 1 for inet), you'll use
B. run autoroute -s 192.168.1.0/24 in order to ACCESS the internal network.
Once you got access using 'autoroute' you can use
D. use auxiliary/server/socks4a in order to run post modules in meterpreter
Therefore, first you'll need B to access, and after D to enumerate, run scripts....
Answer B. run autoroute -s 192.168.1.0/24
https://www.ivoidwarranties.tech/posts/pentesting-tuts/pivoting/meterpreter/
I would go with B:
Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From there, we can use the autoroute script to enable access to the non-routable subnet:
meterpreter > run autoroute -s 10.0.0.0/24
Note: An non-routable address is a private network address.
Non-routable: https://docs.actian.com/dataconnect/11.1/index.html#page/User/Non-routable_Addresses.htm
Sorry, I missed a source for the autoroute script:
https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/server/socks4a.md
Agree with you. "Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From there, we can use the autoroute script to enable access to the non-routable subnet" - https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/server/socks4a.md
run autoroute -s 192.168.1.0/24 - Add a route to 192.168.1.0/24 (establish a Meterpreter session on the victim machine - https://www.offensive-security.com/metasploit-unleashed/Pivoting/
use auxiliary/server/socks4a - Setup and run a socks proxy over meterpreter, this module provides a socks4a proxy server that uses the builtin Metasploit routing to relay connections. - https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
https://nullsweep.com/pivot-cheatsheet-for-pentesters/
set rhost 192.168.1.10 - Set the target address
db_nmap -iL /tmp/privatehosts.txt - Use nmap and place results in database
upvoted 4 times
...
...
This section is not available anymore. Please use the main Exam Page.PT0-001 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mr_robot
Highly Voted 5 years, 2 months agomr_robot
5 years, 1 month agokhuno
5 years agobyrne
Highly Voted 4 years, 6 months agomiabe
Most Recent 2 years, 11 months agoanonamphibian
3 years, 4 months agoCock
3 years, 4 months agokabwitte
4 years, 11 months agokabwitte
4 years, 11 months agoD1960
5 years, 3 months agokabwitte
4 years, 11 months agodumdada
3 years, 7 months agomr_robot
5 years, 1 month ago