Add named pipe pivot documentation

[adfoster-r7]

Adding docs on named pipe pivoting for Windows Meterpreter

[bwatters-r7]

You may want to add a section on the handler, as this is a bit unclear and non-intuitive, IMO:

When you launch the named pipe payload, you need to have a listener open to receive the connection. The reverse_named_pipe payload will start a payload when you run to_handler:

msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > to_handler
[*] Payload Handler Started as Job 2
msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > jobs -l

Jobs
====

  Id  Name                    Payload                                     Payload opts
  --  ----                    -------                                     ------------
  0   Exploit: multi/handler  windows/x64/meterpreter/reverse_tcp         tcp://10.5.135.101:4578
  2   Exploit: multi/handler  windows/x64/meterpreter/reverse_named_pipe

Unfortunately, that handler is not used by the named_pipe_payload. Note that the callback is to the original handler from the intermediate session:

msf6 payload(windows/x64/meterpreter/reverse_named_pipe) > [*] Meterpreter session 4 opened (Pivot via [10.5.135.101:4578 -> 10.5.132.101:51057]) at 2022-06-06 14:05:38 -0500

Ensure you have a handler open from the intermediate stage.

[bwatters-r7]

Updated: adfoster-r7#8

[bwatters-r7]

@adfoster-r7 I'm happy to merge the PR I put up and land this if it works for you.

[adfoster-r7]

@bwatters-r7 Merged, thanks! 🎉

[bwatters-r7]

Release Notes

This PR adds documentation for using named pipe pivoting with Windows Meterpreter.