Forum Thread: How Is Penetration Testing Take Place Over WAN?

Hello guys,

I have been into Pen Testing for awhile now and managed to exploit some vulnerabilities and gain user/root privileges on LANs ONLY. I was wondering how would be the steps of hacking into a machine through WAN.

One more thing, Would the results returned from a scan of a Public IP lead to hacking into a network over WAN?

Thanks in advance!

12 Responses

if u want to hack anything across the globe or wan ..all u have to do is to changet the lhost in any exploits u make to the external ip address .....type in google whatismyip and it shall give u the router ip address ...use it to hack over wan ...but do one more step ..

assume that u r hacing a windows ..when u finish writing the exploit info in the ,etasploit famework do not forget to write this command

set reverselistenerbindaddress (the local ip of the hacker machine) ..this allows u to reverse the connection to the listening framework

hope that answers ur question


Thanks for your answer

Could you please explain this in the following example for me?

Let's say that a friend wants me to penetrate his machine ( he is on his own home network and I am on my own home network ) basically connected over WAN.

He gives me his Public IP address.

How would I manage to reach his machine?
What am I capable of doing with having his Public IP address?
What would be my remote host here?

If I set the local host to be my own Public IP address, how would the router return the results to my machine when there are few other machines connected to my router?

There are two ways to infect a device. One is to exploit the system, the other is to make the user open a malicious file. Both can be done over WAN but in slightly different ways. One of the most common ways is getting the target to run a malicious file using a reverse tcp or http payload. You first create the malicious file, then you set up a listener to listen for the connection back when the file is opened. To do this over WAN, you must set up your payload using your public IP address as the Lhost. Then you set up your listener with your private IP address as your Lhost. You must then port forward the Lport you used. Port forwarding will tell your router where to send the traffic to. (Lport will need to be the same on the file as well as the listener) Once the file is opened, it will give you a session.

Hacking into a computer without the user opening a malicious file is quite a bit more complicated if you only know their IP address. It requires a remote code execution vulnerability that you could exploit and is running through an open port on their router. To do this, you would set the Rhost as the target public IP address. Rport would depend on the exploit.

Examples are Ms08-067 and MS17-010.

Thank you, but one question: How would I target the right machine if all connected devices (machines) in a network have the same public IP?

You would target the router and pivot into the network.

Thank you dude.

Use your public IP address for your RAT Lhost. Port forward your Lport. Use your private IP address as your Lhost for your listener.

sorry, but how does this work?
What is RAT Lhost supposed to mean?
How would my private IP communicate with public if i don't set my public IP as my Lhost?

My response was to Comr Hisho... Not to your post.

And you need to understand between payload and listener. Both use Lhost and Lport however to run the payload over WAN, the Lhost will be your public IP address. The Lport will be the same on both the payload and the listener. The listener Lhost must always be the private IP address of the kali machine. Then the Lport you selected must be port forwarded in the router. What happens is when payload is run, it will send data to your public IP address, which leads to your router. Your router will then send the traffic through the port you selected to your listener on your kali machine.

Share Your Thoughts

  • Hot
  • Active