I'm running some stuff on a machine on which I have a persistent Meterpreter session. It's a Windows 7 machine. I can elevate to NT/System, but I don't have access to the router admin page.
Anyway - I want to mask some of our overlapping web activity. It's not enough to disguise my external IP address -- I need to somehow mask it with the victim's external IP address. It's a workplace domain, so they're using a static IP from a wireless connection.
I'm assuming this will involve some sort of tunneling/internal port forwarding, but I haven't been able to figure it out. My IP still shows as my C2 server.
Any help would be very appreciated.
4 Responses
Dear CWoW,
Delete your browsing history (CTRL + H), LoL. Or, get a Google extension for it, that doesn't let Google log you. And, the last one is turning "Logging off". And, after you are done, turn the logging (ON),, extension (OFF).
Kind regards,
Ragin' Hacktivist
We're not using the same browsers -- I mean hiding my activity when bypassing their two-step verification. For example, if you log in to Gmail and check your recent activity, it will show you all the IP addresses that have logged into your account.
So if I wanted to hide my presence, I need to mimic that IP address.
Dear CWoW,
No you do not. If you have hacked into his computer, you are using his IP Address remotely. It will look all the same.
Kind regards,
Ragin' Hacktivist
Yeah - I suppose if I want to use remote desktop or VNC, but I was talking about accessing that information during business hours (time stamps matter here). You can't do either of those things while the other person is on the computer.
No matter, I figured it out -- a reverse SSH tunnel, analog proxy, and spoofing the OS. I'm good to go. But thanks!!
Share Your Thoughts