Forum Thread: Using External IP as LHOST

Hey there,

I was asking, I have a kali linux verison my laptop, I need to try penetrating an android phone with MetaSpolit, I saw many methods and they are the same by creating an APK file and sending it to the victim using msconsle but I was wondering, The android phone I am trying to hack must be connected to my own internet connection (Local Host) or it doesn't matter?

I mean I need to make a WAN Connection instead of doing it on LAN because my victim isn't connected to the same network.
Should I port-forward 4444/80 ports & then add in LHOST space my external ip or the kali internal ip?

20 Responses

Yes. It doesn't really matter what port you use. You just need to port forward it. WAN requires it because the Lhost IP address leads to the router. The router needs to know where to send the traffic. So as long as you port forward, it should work fine.

Thanks for your reply.

So you mean by port-forwarding the ports, it doesn't matter if I used the Public/External or Local (Internal) IP Addreas, It will access any android phone that is not on my same internet connection?

There are 2 conditions :

First unless your kali is exposed with a public IP you bought, you need port forwarding at your side in order to redirect the trafic to your kali. You'll specify your router public IP and configure it to redirect all trafic incoming to your LPORT to your kali host (private IP).

You'll also need to be able to reach your target at least in order to send your payload which mean that you also need the target to have a public IP (RHOST) or to be port-forwarded. This situation is really unlikely to happen because you're targeting a smartphone.

Thanks for your reply :)!

Alright I understand but I got a new problem here, I portforwarded the port 4444 to my Windows IP Addreass but I noticed that the Kali Linux IP 192.168.188. differs from the Windows 192.168.1. IP (Using VMWare) does this effect on the WAN connection or not? ...- Also, I tried to install the APK which I made to the Kali IP, It fails,Giving me "Application is not installed", I tried in other 2 devices and gives the same... I am not sure it's due to the connection or it's an android problem...?

Your kali and your windows are not on the same LAN. But don't understand what you're doing. Why did you port forward your windows ?

i need to sent the payload to someone who is not in my country/place so i can't use localhost right so wan still after giving LHOST to in multi handler it is not working i tried to replace LHOST with the ngrok ip after enumerating it still not working what will i do

I'm using VMWare ...I portforwarded the port 4444 to my Windows Local IP which is: 192.168.1.x, Which I will use on WAN because the target's device I want to penetrate isn't on LAN (same internet connection) , But in the 'ifconfig' in Kali the ip is 192.168.188.x, does this effect on the portforwarding or I should portforward the port 4444 to 192.168.188.x ?

I'm not familiar with VMWare but I'm pretty sure that you misconfigured your VM network setting. You need your Kali to be the LAN of your router.

Look at your VM network setting (VMWare UI). You should find something like "bridged mode" option.

Lets take this Step By Step:

  1. App Not Installed:

This is probably because you made a mistake in the terminal while writing the command (Common), or your app needs a DIGITAL SIGNATURE (Occurs Often). You can easily add a Digital Signature onto the apk. Refer Google on How-to.

  1. Ip Address Confusion:

There are 2 kinds of IP Address Private and Public. Since you are working with Kali on VMware and are deploying the METERPRETER, Below Lies how to conduct your attack on the WAN (a.k.a The INTERNET):

When making the payload (msfvenom.apk) use your PUBLIC IP as LHOST. you can get this by typing "what is my ip address?" on Google.

When Deploying the MSFCONSOLE use your PRIVATE IP as LHOST, obtained from typing "ifconfig" on you VMWare Kali Linux Terminal.

  1. Port Forwarding:

Make sure Port Forwarding is done on the same port EVERYWHERE in LPORT.

And, That's how you successfully conduct an Android Meterpreter hack.


When I type ifconfig in terminal
And hit enter its show default LHOST
How to change it

Sir i am using lan(erthnet) connection it is same work on my vmware or there is different way to do it please reply fast

Thanks for your reply!
Alright thanks but one more question
By saying (MAKE SURE NETWORK IS BRIDGED)..You mean??

never mind I did it
Thanks all for your help.. Ireally appreciate your support for me ^_^

Guys, guys, guys, I'm not using router and I'm able to access the internet through usb tethering. So whenever I create a payload for any android device, the public ip will change and everytime I've to make a new payload to load my public ip on it, so how could I solve that particular problem?

Secondly,how can I port forward without router?

1. No static external IP (because tethering to mobile phone(?) with ever-changing public/external IP) - Potential Solution - Ok, less than an ideal setup for trying to grab a reverse shell from anything but if I was in that situation I would:

(a) Use a proxy/VPN/public wifi (no or useless IP trail) to truck over to freenom and sign myself up a free 3 month domain name ( sounds good). Then I'd couple my nice new domain with an A nameserver DNS binding to a free DDNS (dynamic DNS provider) account. Mr DDNS provider will map to your dynamic/ever-changing IP address so that, when your victim's reverse shell payload calls (as your LHOST), it is piped through to your current, dirty, dynamic IP and pops up in your Netcat/Metasploit Multihandler listener.

2. Exposing/Advertising your IP Hey, wait, we solved that with catsarec00lga, didn't we? All your victim (or his ISP) knows is that your payload forced a reverse TCP call to which led to a dynamic IP address which could have been you or anyone else your mobile telco allocated that dynamic IP to that day. Could it be traced back to you? Yeah, of course, with enough effort, it could - assuming of course you were using your mobile account/telco's data connection to receive the incoming TCP shell call from your victim... and not your neighbour's wifi or the free wifi or a proxy or a VPN or... you get the idea.

Hope that helps!

Thats an intresting way. Can you please elaborate a bit. I got a domain but i cant figure out how to bind the domain to my dynamic ip. I am using no-ip as my dynamic dns client but i dont know how to bind that to the domain i created on freenom.

Oh and if you are tethered (again, I can only assume) to your mobile phone and your net connection/incoming TCP requests are coming to your box via your phone 3G/4G/LTE data connection, then your phone/phone's OS/phone's software is your 'router' for want of a better term. I've got Kali 2.0 running on my Android phone as chroot (no Nethunter image for old Note4's sadly, but it's the same sh*) so ensuring that, say TCP port 6969, is open and forwarding my victim's reverse shell request to Netcat/Metasploit Multihandler (either on my phone or my box if I tether my box to my phone) is just a matter of messing with UFW/IP Tables in Kali on my phone. If you have an iPhone I couldn't have a single clue what is and what is not allowed by default in terms of 'other' ports or what apps may or may not be able to assist you. If you are Android, though, and your phone isn't a dinosaur, chroot a suitable ARM Kali 2.0 so you can do everything from your phone - no tethering to another box running... Kali 2.0 haha. Just an idea.

Go to your local router page, and configure port forwarding. Get your public ip from, and use that for the IP for the payload. Then have the router forward the port, default 4444, to your private IP. Then set the listener to your private IP. The payload will talk to the router, which will forward the data to you.

Share Your Thoughts

  • Hot
  • Active