Metasploit is a ruby based framework that provides information about security vulnerabilities, and in many cases the ability to configure said security vulnerabilities for the use of targeting vulnerable hosts. Metasploit has the ability to provide varying levels of access to vulnerable targets via different options when select the payload; for example, a basic shell using CMD payload or you may want to take of use of Metasploit's own shell using the meterpreter payload.

Meterpreter payloads and shells have integrated access to additional tools like Mimikatz, local exploit suggesters and the ability to use a Meterpreter session as a route to accessing a potential new network or area of a network; making it a great tool for pivoting.

‍

There are a couple of methods to route a compromised host using a Meterpreter shell:

‍

During the Meterpreter shell use the following command:

· "run autoroute -s <IP range>

Please note the IP range should be of the network you are wanting to pivot to and not what network you are currently in.

‍

The second method involves backgrounding the Meterpreter shell and using the following command:

· "route add <IP range> <Session ID>"

Once completed either of the above methods the route can be checked by simply entering the command "route". Where by the route through the compromised host to the network of interest will be displayed.

‍