Forum Thread: Meterpreter with Proxy or TOR

Hello everyone, I'm new on null-byte, it's my first question.

I've searched a lot on Google about how to make a reverse payload which uses the TOR network or a proxy, to avoid my IP appearing somewhere.

I had no real success in my search.

I prefer using TOR instead of a proxy; however, if TOR isn't possible I will use a proxy. Can someone tell me where to start? I've heard about TOR hidden services, but that supposes that the victim machine has TOR on it, right?

8 Responses

And I'm speaking only about reverse connections because I suppose that I don't have the victim IP.

Furthermore, even if I have the IP and I try to connect to the infected computer, how will the victim box know to which computer my request must be transmitted? Would it need a port redirection on the victim box?

Sorry for my bad English :)

Look, Tor is VERY complex... Your packets change their identity 3-4 times through Tor before arriving at their destination... Except if you used something like a .onion domain that points to your computer... I don't know o.O... Better stick with proxies... :)

Alright, thanks for your answers :)

DONFN, for proxies, is it better to use bind or reverse TCP?
Do you have a complete tutorial about using them? (I'm not familiar at all with proxies.)

About the .onion domain, I've seen on the internet some people using reverse HTTP payloads to connect back to their computer, but I failed to reproduce it.

LULU, when you say to find my public IP, do you mean that I find the IP of the 3rd Tor server, the IP which appears when I'm connecting to websites, for instance?

But there are problems using it for reverse connections:

  • The Tor circuit will change each time I relaunch the module, so there is no possibility to keep in touch with the payload...
  • How will the Tor server know that it has to redirect the traffic sent by the payload to me?

Sorry if I misunderstood what you said ^^

You can't use a reverse connection through a proxy, only bind.

That is not accurate.

Why so?

It would be impossible to use tools like Metasploit with Tor, because Tor specifically prohibits this sort of thing, because it has been used as a deanonymization technique to attack Tor in the past, specifically to gain control of guard and exit nodes.
