Description: In this tutorial I will be showing you how to get Metasploit working over the internet.
This is how it works.
The victim connects to your public IP, in this case a router; the router forwards the connection to the local machine; once configured, the machine connects back to the victim :)
Thanks for watching.
Check out my site for more tutorials: thawildcard.com
Tags: metasploit, internet, metasploit over internet
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Sir, I use a USB modem for connecting to the internet. I have set up a NAT adapter and a host-only adapter. The NAT gives me internet connectivity and I have set up NAT so that I can communicate between two VMs. Should I set up a bridged adapter as well to use Metasploit on the internet? I run MSF on a BT5 virtual machine.
@darklord123 The internet connection should still work if you bridge it over a USB modem. I was running VMware Workstation 7 with BT5 R1 64-bit and it gave me a hard time giving it a static IP; when I tried it on VirtualBox with BT5 R1 64-bit I managed to get a static IP. Read more about what NAT is; here's a link to the wiki: http://en.wikipedia.org/wiki/Network_address_translation
I'm still doing my Network+ course, but from what I understand NAT puts you in a private network environment and gives you access to the internet but restricts computers from outside your NAT from connecting to your computer. Let me know if you have a hard time, I will try to help you with it. I've got a USB modem but never really use it much.
Hi jok3rr
Thanks for sharing...
I have configured the router to forward all ports to the BT5 VM running on VirtualBox...
Tried to run the Java exploit, but no luck.
While testing, when the client opens the URL, msf shows that it is handling a request from 20.25.x.x:24524...
[*] Sending Applet.jar to 10.0.0.1:24526...
and it gets stuck there.
Please note that 10.0.0.1 is the IP address of the router, so I think the problem is that msf is trying to send the applet to 10.0.0.1 rather than the original IP of the client, isn't it?
Please help...
@Sulimanw It seems like it worked for you; however, the other end could have an antivirus stopping it, that's why it seems stuck. Try testing it on your own machine without antivirus and then with antivirus and see the results, or set up a Windows machine and test it. Let me know how it goes.
@Sulimanw When msf shows that it is handling the request from 20.25.x.x:24524 it means it got a connection request from that end and it's sending the Applet.jar (exploit), but the fact that it does not get a session is due to antivirus, I'm 99% sure :)
I am using it on my own testing machine...
Yes, it got the connection established, as it is listed in netstat -n on both ends.
But when msf tried to send the exploit it sent it back to 10.0.0.1 (the internal router IP), not the original client IP. Is there a way to tell msf to send the exploit back to the original victim IP?
I will try to disable the AV and give it a try.
Thanks for your reply!
@Sulimanw Try this:
Once you have selected the exploit, set the options and then type
set PAYLOAD (after PAYLOAD press Tab twice or three times); use a Meterpreter reverse TCP payload, then show options again. You will see an option LHOST on the payload; set LHOST to your external IP and then run the exploit. It should work!
Thanks for pointing this out, I did not include that in the video! I'm gonna see how I can fix it...
Thanks so much!
Still no luck :(
It always tries to send the payload to the internal router interface.
I will try to figure it out too.
External IP used in this video: 92.98.203.196
http://www.geobytes.com/IpLocator.htm?GetLocation&IpAddress=92.98.203.196
Hi Securitytubers,
The best configuration for VBox is to keep the guest OS on "NAT" and use the port forwarding option:
Name | Protocol | Host IP | Host Port | Guest IP | Guest Port
any  | TCP      | 0.0.0.0 | 4444      | 0.0.0.0  | 4444
"4444" could be any port!
- configure your router to forward to your host IP
or, if you are getting the internet from a USB modem, then use the IP your host is getting.
Best of luck! And special thanks to the Master who inspired this.
Ummmm, your IP is showing dude... might wanna take a closer look at your browser!
@J0hnny_b14z3 Yeah, I noticed the IP showing after I posted the video and didn't feel like re-editing it. It's ok, I changed it :) thanks though :)
@toms12 Thanks for your comment. I usually go with bridged, but I appreciate your comment; I've never tried doing it over NAT.
@everybody The difference between NAT and bridged mode:
When you use NAT, you are putting the guest on its own private network that is "behind" the host machine. If you don't trust the software you will be running on the guest, or if you think other people on your main network might try to do bad things to the guest VM, then using NAT is a good option. However, NAT also adds an extra layer of complexity which can make it more likely that the guest will have connectivity issues, especially with the outside world (i.e. the Internet).
In bridged networking, your network card just provides multiple connections to the same network. If your goal is to have your guest behave exactly the same as if you had just plugged another physical computer into your network, you will probably want to use the bridged networking option.
Hi j0k3rr, you made an awesome video :) I have two doubts; it will be really nice if you can help me out: 1.) Do I need to do any extra configuration if I use a data card??
2.) Do we need to tweak our payloads and exploits? I heard they sometimes stop execution at the first or second byte??
@neoX_c0der: Thanks, I try sharing what I learn with others but I'm not a master at it, I just learn from experience. When you say data card do you mean the USB card that connects via 3G? I've never tried it over 3G, but from what I know it already gives you a public IP; just set the VM to bridged, which will share that IP, so you won't need to forward ports. Your payload should call back if you are using reverse TCP to your public IP. If you're going to use something like browser_autopwn it will ask for the SRVHOST; set it to 0.0.0.0, and SRVPORT can be set to 80, but some ISPs block port 80 from connections from the outside, so I usually leave it set to 22080.
Payloads should be tweaked because they get detected by antivirus scanners. Let's say you set up browser_autopwn: you get a connection made and the payload goes through, but no connection is made back to your machine. It means it got detected.
@j0k3rr: Thanks for your reply mate :) Yeah, I mean the 3G connection ones :/. Can you please guide me some more regarding tweaking the payloads?
It will be really awesome if you can give me some idea about tweaking them. And by payloads I mean not the EXE ones, I mean payloads like meterpreter/reverse_tcp, something like that. And also, if you can suggest a payload that does not get detected / has less chance of it, please do let me know.
@neoX_c0der: Found an excellent post on metasploit.com:
There is no tried and true technique for bypassing antivirus. You may find the AV product you are testing can be bypassed with simple modifications to the templates or you may find that it doesn't matter how you modify the template because the AV is picking up on the payload. If the AV is triggering on the payload, then you may have to use a custom payload, use a custom encoder, or both.
Here are a couple of things to keep in mind when trying to bypass AV.
People don't like to talk publicly about how they bypass AV because it helps the AV companies develop signatures.
Don't submit your custom executables to VirusTotal or similar services because the AV companies use these services to develop new signatures.
Set up a virtual machine with the AV you want to bypass, update it to the latest signatures, and disconnect it from the Internet. Then test your bypass.
URL:
http://dev.metasploit.com/redmine/projects/framework/wiki/Using_a_Custom_Executable_to_Bypass_AV
Also, if you are new to this, watch Vivek Ramachandran's videos on MSFE; learn from the basic level then build up. Trust me, jumping into bypassing AVs will get you lost if you don't have much knowledge of computer security.
There is a course you can take online at www.testout.com called Security+ that will give you the basics. You can get a great deal and take 4 courses for almost $700, that is:
A+
Network+
Security+
Linux+
Good luck :)
@j0k3rr: I told you I don't want to make an EXE :/ See, if I want to exploit a server remotely for a pentest then I don't get the sessions :// I checked, my port is not blocked and I'm using my external IP.
To make my question clear:
I use the ms03_026 exploit on a server with the payload meterpreter/reverse_tcp but I don't get the session, and I am sure it's not patched :/. Can you give me a remote server IP which you used to test and which is vulnerable to any particular exploit, so that I know if there's any fault in my configuration or at the server end :) Thank you. For the IP address, mail me at ethihacker69@gmail.com
Btw, I have sufficient knowledge and my basics are clear about Metasploit.
Thank you :)
@neoX_coder: Can't help you with that, sorry. Good luck.
This is awesome j0k3rr! You are doing a great job answering all your viewers' questions. Keep up the good work. What is the best strategy to scan for an IP over the internet?
Hi j0k3rr! Well, this wasn't really what I was looking for, but a great method too. My question is, can I use reverse_tcp with an external IP? I mean the EXE thing. Because with a local IP it works, but with an external one I can't make it work, no session. Any ideas?