Hello, So if you are trying to perform a remote exploit on a computer say using meterpreter is there a way to access it without using your personal IP address to prevent it being traced? Could you somehow use a VPN? For example could you somehow set the RHOST to a VPN IP and then connect to that VPN? Sorry if my question is confusing or if it is redundant but any help would be greatly appreciated. Thanks!
Forum Thread: Protecting Yourself When Remotely Accessing an Exploit.
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
1 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
1 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
5 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
6 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
6 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
9 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
9 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
9 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
9 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Enumerate SMB with Enum4linux & Smbclient
-
How To:
Detect Script-Kiddie Wi-Fi Jamming with Wireshark
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
Hack Like a Pro:
How to Find Directories in Websites Using DirBuster
-
Become an Elite Hacker Part 4:
Hacking a Website. [Part 1]
-
How To:
Perform Advanced Man-in-the-Middle Attacks with Xerosploit
-
How To:
Escape Restricted Shell Environments on Linux
-
How To:
Use MDK3 for Advanced Wi-Fi Jamming
-
How To:
Use the Chrome Browser Secure Shell App to SSH into Remote Devices
-
How To:
The Top 80+ Websites Available in the Tor Network
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
How To:
Find OSINT Data on License Plate Numbers with Skiptracer
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
The Hacks of Mr. Robot:
How to Send a Spoofed SMS Text Message
-
Video:
How to Crack Weak Wi-Fi Passwords in Seconds with Airgeddon on Parrot OS
-
How To:
Use an ESP8266 Beacon Spammer to Track Smartphone Users
-
How To:
Create Packets from Scratch with Scapy for Scanning & DoSing
-
Antivirus Bypass:
Friendly Reminder to Never Upload Your Samples to VirusTotal
4 Responses
In this wonderful tutorial by OccupyTheWeb you learn how to use a tool called proxychains. Great tool. With this tool you can route msfconsole through proxies.
Note: Your question was good and well asked! We don't always get people asking like you did. Thank you!
I think you mean LHOST as RHOST is your target. Unless you are attacking the VPN service itself.
I think I understand the concept of Proxychains to route msfconsole. But what would interest me, is how I can cover the outgoing connection from the exploit on the victims computer.
Because Hardcoding my own public IP in the exploit doesn't sound safe. Could you not simply find out where the exploit connects to via Wireshark or some similar software?
The only way I could think of is letting the exploit connect to a listener on an anonymous remote computer and accessing it via Proxychains, so the attack can't be traced back to me.
I hope this question is understandable, thanks in advance
Its actually quite a bit easier than that. Every windows machine has a command built-in that lists all connections to the machine. That command is: netstat - a
What you can do has been suggested on NB several times. Connect to target with "your" public IP, punch a hole in the firewall, setup a bind payload and clear all logs that showed you were there. Then later when you want to do things that "make noise" such as downloading, uploading, getting hashes, etc, you connect to the bind payload through a proxy.
Hope this helps
Share Your Thoughts