Results 1 to 6 of 6

Thread: [HID] Sending reverse_https payload to an IP on a different network?

  1. #1
    Join Date
    2014-Nov
    Posts
    16

    [HID] Sending reverse_https payload to an IP on a different network?

    How I can set up the HID attack to initiate a meterpreter session with both boxes on different networks? I have everything working flawlessly with both boxes on the same network but do you exploit a box that is connected to a different network. From research I know that it can be done with the reverse_http/s payloads and I have tried plugging in the IP from the different networks just to give it a shot, but obviously I don't get a meterpreter session. I know that the payload script will have to be hosted somewhere that it can be accessed like a web server and have the correct IP and port at the bottom where Invoke_Shellcode is, but how do I configure the payload to connect to a box on a different network?

  2. #2
    Join Date
    2013-Mar
    Posts
    9
    are you using the external IP addresses? and have you forwarded the ports on your router?

  3. #3
    Join Date
    2014-Nov
    Location
    Sweden
    Posts
    21
    Have you set LHOST to your public IP or 0.0.0.0? Also, have you tried setting ReverseListenerBindAddress to your local IP?
    :(){ :|:& };:

  4. #4
    Join Date
    2014-Nov
    Posts
    16
    Quote Originally Posted by unknownpwn View Post
    Have you set LHOST to your public IP or 0.0.0.0? Also, have you tried setting ReverseListenerBindAddress to your local IP?
    Quote Originally Posted by russ View Post
    are you using the external IP addresses? and have you forwarded the ports on your router?
    I am trying to send it to my laptop that would be on a different network connection than the victim box using my N7 as the exploit device. If I was set up at a place when I couldn't port forward the router, how would I go about that?

    Do I find the external I of my kali box and would I need more than just the ReverseListenerBindAddress? I am able to get the victim box to download the payload and run but I just don't understand the way to set up the listener to receive the payload if I'm connected to a different network.

  5. #5
    Join Date
    2013-Mar
    Posts
    95
    When creating payload, your home/kali box has an external ip and internal router ip. The payload has to have the external ip of the waiting kali box. The router your kali box is attached to needs the ports forwarded to your kali box internal ip. ..
    Hope this helps. As always i could and am quiet often wrong :-)

  6. #6
    Join Date
    2014-Nov
    Posts
    16
    Quote Originally Posted by skycrazy View Post
    When creating payload, your home/kali box has an external ip and internal router ip. The payload has to have the external ip of the waiting kali box. The router your kali box is attached to needs the ports forwarded to your kali box internal ip. ..
    Hope this helps. As always i could and am quiet often wrong :-)
    I am thinking of it in the sense of lets say my kali box is hooked up to a coffee shops free wifi, which obviously I wouldn't have access to forward the ports. Would I be able to interact with metasploit still even though the router is not port forwarded? That is assuming of course that the HID attack is properly configured. I still need a little clarification on which IP to use, but if the router absolutely has to be port forwarded, then that definitely changes things.

Similar Threads

  1. SET not sending full emails
    By systemcrash86 in forum General Archive
    Replies: 0
    Last Post: 2013-09-07, 01:57

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •