Forum Thread: Meterpreter on WAN

I asked a classmate if I can hack his computer after he recently built it and he said yes.

I configured my Verizon router for 192.168.1.10 to be a DMZ host. If I were to set up a meterpreter payload where my LHOST was 192.168.1.10 and my LPORT to be 4444 and have my victim, who is on a totally different wireless network and totally different area, open it, would it start a meterpreter session?

Also, I have set up port forwarding on my router. If the above does not work, what do I do next? I know that I have a "tunnel" between IP addresses, but how can I start meterpreter?

And what should I learn next?

8 Responses

Did you set the LHOST to your public IP when generating the payload?

I have set my payloads LHOST to be my public and the listener to be 192.168.1.10. What's next?

I also have read about setting up a VPS. I am confused now and I do not know what I have done correctly. In my Verizon settings,

I clicked port toward, and specify IP as my victims public with port 445. Help?

No, you need to set the options to your local IP and selected port.

So to recap:

  1. I set my IP to be static thru Control Panel.
  2. I access my Verizon router's settings thru Default Gateway: 192.168.1.1
  3. I go to Firewall Settings/Port Forwarding, and specify my IP as 192.168.1.10, and the port to be open as 4444.
  4. I go to my Kali VM. I set a msfpayload with meterpreter with my LHOST as my Public IP
  5. I open msfconsole, and set up a listener with the meterpreter payload, with the LHOST as 192.168.1.10, or my local IP and my LPORT as the port I port forwarded, aka 4444.
  6. I exploit, and when .exe payload is opened, I start a meterpreter session.

Is that correct? Is there anything else I need to add?

Thanks for the advice! I have been getting quite confused after reading about networks, and watching stuff on YT.

If you did it correctly, that should be all. :)

like Cracker already said, all you need to do is set LHOST to your public IP and make sure your forwarded port isn't blocked by your isp. you can check if your forwarded port is open by going here. also, make sure the port you forwarded is forwarded to port 4444. then set LHOST to your forwarded port, but set up the listener on port 4444. you can do this in the advanced options of metasploit (show advanced).

-Phoenix750

But when you are starting the listener, use your own internal IP then the router would know who to forward to in the network but the payload needs your external / public IP because its is looking for your machine on a different network.

Yup, think of it as finding a house. You first need the city address (public IP), but you then need to find one house in the city with a different address (local IP). Make sense, Alan?

Share Your Thoughts

  • Hot
  • Active