Meterpreter pivot with a bind_named_pipe
I have a pivot setup on a compromised windows 10 box and am trying to get an SYSTEM shell on a separate machine in the target network. I have successfully done this abusing an unquoted service path via a meterpreter/reverse_named_pipe that connects to my pivot but can this be done using bind_named_pipe? I may be thinking of it wrong but I want my pivot meterpreter shell to connect to the bind_name_pipe that is now running as listener via the abused service. In this scenario I don't think I would be able to use a multi/handler because my attacking machine doesn't have direct access to the target machine unless through the pivot. Or am I thinking about this wrong? Is the multi/handler aware of the pivot and will use it to access the target network?
