Hello, So if you are trying to perform a remote exploit on a computer say using meterpreter is there a way to access it without using your personal IP address to prevent it being traced? Could you somehow use a VPN? For example could you somehow set the RHOST to a VPN IP and then connect to that VPN? Sorry if my question is confusing or if it is redundant but any help would be greatly appreciated. Thanks!
Forum Thread: Protecting Yourself When Remotely Accessing an Exploit.
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
2 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
2 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
6 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
7 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
7 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
10 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
10 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
10 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To:
Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To:
Dox Anyone
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
-
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
Steganography:
How to Hide Secret Data Inside an Image or Audio File in Seconds
-
How To:
Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
Tutorial:
DNS Spoofing
-
How To:
Enable the New Native SSH Client on Windows 10
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Target Bluetooth Devices with Bettercap
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How To:
Build a Beginner Hacking Kit with the Raspberry Pi 3 Model B+
-
How To:
Scrape Target Email Addresses with TheHarvester
4 Responses
In this wonderful tutorial by OccupyTheWeb you learn how to use a tool called proxychains. Great tool. With this tool you can route msfconsole through proxies.
Note: Your question was good and well asked! We don't always get people asking like you did. Thank you!
I think you mean LHOST as RHOST is your target. Unless you are attacking the VPN service itself.
I think I understand the concept of Proxychains to route msfconsole. But what would interest me, is how I can cover the outgoing connection from the exploit on the victims computer.
Because Hardcoding my own public IP in the exploit doesn't sound safe. Could you not simply find out where the exploit connects to via Wireshark or some similar software?
The only way I could think of is letting the exploit connect to a listener on an anonymous remote computer and accessing it via Proxychains, so the attack can't be traced back to me.
I hope this question is understandable, thanks in advance
Its actually quite a bit easier than that. Every windows machine has a command built-in that lists all connections to the machine. That command is: netstat - a
What you can do has been suggested on NB several times. Connect to target with "your" public IP, punch a hole in the firewall, setup a bind payload and clear all logs that showed you were there. Then later when you want to do things that "make noise" such as downloading, uploading, getting hashes, etc, you connect to the bind payload through a proxy.
Hope this helps
Share Your Thoughts