The following diagram of the actual attack path we will use for this demo. We are already on the 10.100.0.0/24 network and ready to pivot to 192.168.202.0/24.

Once we have exploited BO-SRV2, we can then use its interface on the 192.168.202.0/24 network to exploit hosts on that network. Some tools like db_nmap do not work through this type of pivot. The command db_nmap is calling an outside program, nmap, to do the work, and the output of this outside application is imported in the data base. Nmap isn't a Metasploit module. The pivot we are using only allows Metasploit modules to run through this pivot. No worries. Metasploit comes with a lot of its own discovery tools that will work just fine through this pivot.

One way ...