Forum Thread: Weird IP Question

Hello again Null-Byte,

Just a short question that perhaps you guys know the answer to, I have exploited a machine that for some reason never allows a connection unless I run Teamviewer on it at the same time, I can't even run portscan but I can ping it. I believe it has something to do with the router at that location since the computer was moved and then it started working but now it's back at the original location. But I digress.. my question is, last time I tried connecting to it and ran the listener it does what it usually does, nothing at all. But then it tried sending a stage to an unknown IP address, Which makes me really curious because when I checked the IP's location it was in the US.

Anyone know why metasploit tried sending a stage to a completely unknown IP address that I haven't even exploited?

Thanks in advance,

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

6 Responses

Is this computer behind a different router? You may just be scanning the router.
Is this accurate?
Your computer-Router->victim's router-victims computer

Yeah it's behind another router. You think that's why I can't get any session at all? I wonder why it suddenly works when I open Teamviewer though, it's on completely different ports. Gotta look for the tutorial on getting past routers then.

Hey björn, where are you from?



1.) I mean opening a connection from my computer to the target. As soon as I do that, metasploit sends the stage and I get a session. It persists until either computer restarts, even if I close Teamviewer before that.

2.) I'm using reverse tcp.
3.) I'm using a Veil exe, for persistence I'm using task scheduler. So no particular exploit to speak of.

If the targets router is blocking me, is there a technique or a tutorial here that can teach me how to get past it?

Just a random name I picked for this account.

Anyone know why metasploit tried sending a stage to some random IP in the US with Microsoft as the ISP? Kinda worried about that one.

(edited because I asked a stupid question)
But - what ports are you using?

I'm using port 443. I haven't really looked into other ports, a lot of tutorials choose that one so I've just defaulted to using it aswell.

Share Your Thoughts

  • Hot
  • Active