Forum Thread: How to Configure Attack Over WAN While Using a VPN

The following 'How To' will detail how to configure an attack over WAN while using a VPN to hide your real IP address and a DDNS provider to make your IP static. It will also cover how to appropriately set your LHOST and LPORT.

For this tutorial, you need:

For exploitation and post exploitation activities across WAN, a covert channel must be established between the attacking computer (Kali) and compromised target. For this Kali needs a static IP address and an open port. From an OpSec perspective, connecting back to your own computer is not a good look. You probably want to use a VPN to mask your real IP address. I use and recommend Private Internet Access. It's very inexpensive and includes the ability to port forward.

Step 1: Connect to VPN, Choose Port Forwarding

Launch Private Internet Access and select a port-forward enabled gateway to connect to, CA Montreal or CA Vancouver for example. Not all of PIA's gateways are port forward enabled.

*Always connect to your VPN FIRST before syncing your IP with your DDNS.

Step 2: Create a DDNS Hostname

Sign up for an account with a Dynamic DNS provider like No-IP. From your Dashboard, create a Hostname and domain. I've elected

*Using the picture below as a reference, make sure the 'IP/Target' of your newly created hostname matches that given to you by your VPN.

Step 3: Verify Port Forwarding

Verify port forwarding is working correctly by:

  1. In terminal, use netcat to launch a listener on the forwarded port assigned by VPN, in my case it is 25489

nc -l 25489

  1. Visit
  2. The pre-populated IP address should match the one assigned to you by your VPN
  3. Enter the forwarded port number assigned by your VPN
  4. Click 'Check your Port' button. It should say:

Step 4: Set LHOST and LPORT

When configuring payloads for Metasploit or some other exploit framework, your LHOST will be your DDNS hostname/IP address and your LPORT will be the forwarded port given to you by the VPN.

That's it! Easy!

Remember, it is ILLEGAL to hack! You must get explicit consent from owner in all circumstances!

2 Responses

So, to set the listener, it's the same thing? put the port forwarded of the vpn and the static ip? in case of a reverse tcp

Share Your Thoughts

  • Hot
  • Active