[Help] - Metasploit Reverse-TCP Config

#1
Hey guys,

Now, I've been learning the basics and the more advanced functions of the metasploit framework for the past month, so I think I'm pretty good. However, I've run into a little problem.

Metasploit has a payload which is basically a reverse tcp meterpreter shell on the target's system. Now, it's pretty simple if the target is on your own network, you simply set the LHOST on the payload and the listener as your own computer's internal IP address, but what about if the target is not on your own network?

Do you set the listener on your own internal IP and the payload to connect to your external IP? I assume the port has to be forwarded and allowed on your firewall.

I'm lost here. Any help is appreciated.

Aurora

#2
I think if your target is outside your own network, you should put your external IP on the payload, as it is the payload that is running on the target after exploiting it.
Listener should be set on your local IP, if I remember right.

#3
If you are generating the payload and then using the handler to receive the connection, you can give the listener your internal ip or 0.0.0.0. When generating the payload, however, you will need to supply your external ip as you obviously need that for the shell to recognize you over WAN.

If you're using an exploit and a reverse shell as the payload, you'll just have to supply your external ip as LHOST. Once the payload is generated, the listener will attempt to listen on your external ip. When it fails, it'll default to listening on 0.0.0.0 and you'll be able to receive your shell. I'll post some examples when I get home if you still don't understand.

#4
Quote:(05-27-2014, 07:44 PM)Aurora Wrote:

Forward the ports in the firewall only, or also on the router?


EDIT: What's the difference between forwarding a port on your router for your internal IP and for your external IP?

You only forward once, on your router to your internal IP. A tip here would be to set your internal IP to be static, as it will save a lot of trouble later on. You can find many guides for it on google.
Then you open the port on your firewall on your PC. If you're using additional firewall software make sure that you also open the port on the normal firewall (If using Windows). It can be a little buggy and block the ports even when the windows firewall is off.

#5
Quote:(05-27-2014, 07:34 PM)TechSaavy Wrote:

I think if your target is outside your own network, you should put your external IP on the payload, as it is the payload that is running on the target after exploiting it.
Listener should be set on your local IP, if I remember right.

Ahh, thanks. So will setting the listener on your local IP automatically make the payload connect to your computer instead of any other on the network?

#6
Quote:(05-27-2014, 07:40 PM)TechSaavy Wrote:

If I remember right, the listener is only to bind the port to the program on your PC (someone correct me if I'm wrong, as I am unsure), so you could put for example 192.168.1.23 (your internal IP), but it should also work if you just put "localhost" in there. I don't think it will make it automatically recognize the PC though, you still have to forward the ports.

Forward the ports in the firewall only, or also on the router?


EDIT: What's the difference between forwarding a port on your router for your internal IP and for your external IP?


Quote: (05-27-2014, 07:44 PM)Dyme Wrote:

If you are generating the payload and then using the handler to receive the connection, you can give the listener your internal ip or 0.0.0.0. When generating the payload, however, you will need to supply your external ip as you obviously need that for the shell to recognize you over WAN.

If you're using an exploit and a reverse shell as the payload, you'll just have to supply your external ip as LHOST. Once the payload is generated, the listener will attempt to listen on your external ip. When it fails, it'll default to listening on 0.0.0.0 and you'll be able to receive your shell. I'll post some examples when I get home if you still don't understand.

Ahh, I think I get it. Examples would be much appreciated though.

#7
Quote:(05-27-2014, 07:50 PM)TechSaavy Wrote:

You only forward once, on your router to your internal IP. A tip here would be to set your internal IP to be static, as it will save a lot of trouble later on. You can find many guides for it on google.
Then you open the port on your firewall on your PC. If you're using additional firewall software make sure that you also open the port on the normal firewall (If using Windows). It can be a little buggy and block the ports even when the windows firewall is off.

Yeah, I got that much, but I was just confused by this, and how it looks on your external IP:

[To see links please register here]



Quote: (05-27-2014, 07:51 PM)Dyme Wrote:

So I would forward all incoming connections on port 80 to 192.168.1.14 if that machine was a webserver (or shell handler in this instance).

Yeah, that's done.

#8
Quote:(05-27-2014, 07:44 PM)Aurora Wrote:

EDIT: What's the difference between forwarding a port on your router for your internal IP and for your external IP?

Not sure what you're talking about. You forward a port so that when you receive a connection via your external IP address, it goes to the correct internal machine.

So I would forward all incoming connections on port 80 to 192.168.1.14 if that machine was a webserver (or shell handler in this instance).

#9
Quote:(05-27-2014, 07:36 PM)Aurora Wrote:

Ahh, thanks. So will setting the listener on your local IP automatically make the payload connect to your computer instead of any other on the network?

If I remember right, the listener is only to bind the port to the program on your PC (someone correct me if I'm wrong, as I am unsure), so you could put for example 192.168.1.23 (your internal IP), but it should also work if you just put "localhost" in there. I don't think it will make it automatically recognize the PC though, you still have to forward the ports.

#10
Quote:(05-27-2014, 07:44 PM)Aurora Wrote:

Examples would be much appreciated though.

1st situation I described. My payload was generated using:

[Hidden content: visible to registered users only]

Then I set up the listener, executed my payload, and received my shell.

[Hidden content: visible to registered users only]