Meterpreter with Proxy or TOR

Hello everyone, I'm new on null-byte, it's my first question.

I've searched a lot on Google about how to make a reverse payload which uses the TOR network or a proxy, to avoid my IP appearing somewhere.

I had no real success in my search.

I prefer using TOR instead of a proxy; however, if TOR isn't possible I will use a proxy. Can someone tell me where to start? I've heard about hidden TOR services, but that supposes that the victim machine has TOR on it, right?

And I'm speaking only about reverse connections because I suppose that I don't have the victim IP.

Furthermore, even if I have the IP and I try to connect to the infected computer, how will the victim box know to which computer my request must be transmitted? It would need a port redirection in the victim box?

Sorry for my bad English :)

Look, Tor is VERY complex... Your packets change their identity 3-4 times through Tor before arriving at their destination... Except if you used something like a .onion domain that points to your computer... I don't know o.O... Better stick with proxies... :)

Alright, thanks for your answers :)

DONFN, for proxies, is it better to use bind or reverse tcp?
Do you have a complete tutorial about using them? (I'm not familiar at all with proxies)

About the .onion domain, I've seen some people on the internet using reverse http payloads to connect back to their computer, but I failed to reproduce it.

LULU, when you say to find my public IP, do you mean that I find the IP of the 3rd Tor server, the IP which appears when I'm connecting to websites, for instance?

But there are problems using it for a reverse connection:

  • The Tor circuit will change each time I relaunch the module, so no possibility to keep in touch with the payload...
  • How will the Tor server know that it has to redirect the traffic sent by the payload to me?

Sorry if I misunderstood what you said ^^

You can't use a reverse connection through a proxy, only bind.

That is not accurate.

Why so?

