Forum Thread: Protecting Yourself When Remotely Accessing an Exploit.

Hello. So, if you are trying to perform a remote exploit on a computer, say using meterpreter, is there a way to access it without using your personal IP address to prevent it being traced? Could you somehow use a VPN? For example, could you somehow set the RHOST to a VPN IP and then connect to that VPN? Sorry if my question is confusing or if it is redundant, but any help would be greatly appreciated. Thanks!

4 Responses

In this wonderful tutorial by OccupyTheWeb you learn how to use a tool called proxychains. Great tool. With this tool you can route msfconsole through proxies.

Note: Your question was good and well asked! We don't always get people asking like you did. Thank you!

I think you mean LHOST as RHOST is your target. Unless you are attacking the VPN service itself.

I think I understand the concept of Proxychains to route msfconsole. But what would interest me is how I can cover the outgoing connection from the exploit on the victim's computer.

Because hardcoding my own public IP in the exploit doesn't sound safe. Could you not simply find out where the exploit connects to via Wireshark or some similar software?

The only way I could think of is letting the exploit connect to a listener on an anonymous remote computer and accessing it via Proxychains, so the attack can't be traced back to me.

I hope this question is understandable, thanks in advance.

It's actually quite a bit easier than that. Every Windows machine has a command built-in that lists all connections to the machine. That command is: netstat -a

What you can do has been suggested on NB several times. Connect to target with "your" public IP, punch a hole in the firewall, set up a bind payload and clear all logs that showed you were there. Then later when you want to do things that "make noise" such as downloading, uploading, getting hashes, etc., you connect to the bind payload through a proxy.

Hope this helps
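From the defender's side, the netstat listing mentioned above is where an unexpected listener or outbound session shows up. The following is an added example, not part of the thread: it parses `netstat -ano` output (numeric addresses plus owning PID) and flags listeners outside a baseline and sessions to addresses outside the internal ranges. The sample output, `BASELINE_LISTENERS` and `INTERNAL_NETS` are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2980
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.77:8443      ESTABLISHED     6120
  TCP    [::]:135               [::]:0                 LISTENING       904
  UDP    0.0.0.0:5353           *:*                                    1880
"""

# Assumptions for this host: known-good listening ports and internal ranges.
BASELINE_LISTENERS = {135, 445}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]


def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::1]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)


def parse_tcp(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # banner, column header, blank lines, UDP rows (no state)
        lip, lport = split_endpoint(fields[1])
        rip, rport = split_endpoint(fields[2])
        yield lip, lport, rip, rport, fields[3], int(fields[4])


def review(text, baseline=BASELINE_LISTENERS, internal=INTERNAL_NETS):
    """Return (kind, endpoint, pid) findings worth a closer look."""
    findings = []
    for lip, lport, rip, rport, state, pid in parse_tcp(text):
        if state == "LISTENING" and not lip.is_loopback and lport not in baseline:
            findings.append(("unexpected_listener", f"{lip}:{lport}", pid))
        elif state == "ESTABLISHED" and not any(rip in net for net in internal):
            findings.append(("external_session", f"{rip}:{rport}", pid))
    return findings
```

The PID in each finding can be matched against `tasklist` output to identify the owning process.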
