Meterpreter pivot with a bind_named_pipe
I have a pivot setup on a compromised windows 10 box and am trying to get an SYSTEM shell on a separate machine in the target network. I have successfully done this abusing an unquoted service path via a meterpreter/reverse_named_pipe
that connects to my pivot but can this be done using bind_named_pipe
? I may be thinking of it wrong but I want my pivot meterpreter shell to connect to the bind_name_pipe
that is now running as listener via the abused service. In this scenario I don't think I would be able to use a multi/handler
because my attacking machine doesn't have direct access to the target machine unless through the pivot. Or am I thinking about this wrong? Is the multi/handler
aware of the pivot and will use it to access the target network?