Jump to content

How to get external IP of a PC connected on same network?


0phoi5

Recommended Posts

Hi all,

I'm currently enjoying trying to hack in to my Windows 10 machine.

I am able to get a local meterpreter session using it's internal IP address (example 192.168.0.20) when connected to the same WiFi/Internet Hub from my hacking box.

However, I now wish to test attacking it externally, not from the same LAN.

Bearing in mind that I am already in the Windows machine using the internal IP, how could I gather the machine's external IP so that I could then go away and hack it from elsewhere (i.e; not on the same LAN). Not using whatsmyip.com or anything like that, we're talking command-line.

OR, would it be easier for an attacker to leave something on the Windows machine to connect to?

Edited by haze1434
Link to comment
Share on other sites

Unless you are given multiple IP from your service provider it is most likely ALL machines coming from your connection will show the same external IP.

 

Don't believe me? Go to every machine and then ask google what your IP address is. They will likely all show the exact same IP.

Link to comment
Share on other sites

The only way to know for sure what your external ip is (for the network your connected up to), is to send out a request and have the destination server tell you what your ip is. This has a lot of legitimate uses; NoScript's ABE uses this to help protect your browser. You might consider looking at dynamic dns as a solution to what your trying to do. There is software that is used on desktop machines to keep the external ip address of your home network associated with a dns entry, so that if you ever want to log into your home network when your away, you can just use your own dns to do so.

Edited by fugu
Link to comment
Share on other sites

13 hours ago, Rkiver said:

Go to every machine and then ask google what your IP address is. They will likely all show the exact same IP.

Good point, but if I was an attacker and I didn't have physical access to any of the machines on my network, then how would I check what this IP was?

Link to comment
Share on other sites

2 hours ago, barry99705 said:

As long as you have shell access to the target issue this command;

nslookup myip.opendns.com

Thanks barry :)

This looks along the lines of what I want, however I get the output;

*** [My Domain] can't find myip.opendns.com: Non-existent domain

 

*edit* Ah, I tested this at work and they possibly don't use DNS in the same way. I'll test it on my machine when I get home :)

Thank you.

Edited by haze1434
Link to comment
Share on other sites

  • 2 weeks later...
On 6/16/2016 at 7:48 PM, haze1434 said:

Hi all,

I'm currently enjoying trying to hack in to my Windows 10 machine.

I am able to get a local meterpreter session using it's internal IP address (example 192.168.0.20) when connected to the same WiFi/Internet Hub from my hacking box.

However, I now wish to test attacking it externally, not from the same LAN.

Bearing in mind that I am already in the Windows machine using the internal IP, how could I gather the machine's external IP so that I could then go away and hack it from elsewhere (i.e; not on the same LAN). Not using whatsmyip.com or anything like that, we're talking command-line.

OR, would it be easier for an attacker to leave something on the Windows machine to connect to?

from my ceh studies if you are talking of hacking the same machine over the internet you need to install something to give you a session to your public ip and on a port which is open for the victim machine.

And with that you have a cmd session over the internet.

Link to comment
Share on other sites

  • 3 months later...
6 hours ago, M@$T said:

On the same lines.. If you managed to get a local meterpreter shell within your local Lan.. Its totally different getting a remote shell when you are outside your lan. 

M@$T is correct.  Even if you have the port open if you are trying to get IN then the router needs to be forwarding all incoming traffic from a port to that computer and it's open port.  This will require getting into the router from inside the network.  Then you can also setup a DNS host on the router with something like duckdns which will let you connect even if the IP changes (which most of the time it will when they reset the router).  The best thing is to send a shell OUT to a VPS and then connect to the VPS and open the shell.

Link to comment
Share on other sites

10 minutes ago, mojo0243 said:

M@$T is correct.  Even if you have the port open if you are trying to get IN then the router needs to be forwarding all incoming traffic from a port to that computer and it's open port.  This will require getting into the router from inside the network.  Then you can also setup a DNS host on the router with something like duckdns which will let you connect even if the IP changes (which most of the time it will when they reset the router).  The best thing is to send a shell OUT to a VPS and then connect to the VPS and open the shell.

or you can use the lan turtle if you have physical access to the PC and get a remote shell =)

Link to comment
Share on other sites

7 minutes ago, M@$T said:

or you can use the lan turtle if you have physical access to the PC and get a remote shell =)

Also a great option but normally when someone is doing an external test they don't have physical access though yes some times they do.  I think using the lan turtle though kills the learning process and essentially just gives him access back into the network and then it is the same as just doing an internal exploit.

Link to comment
Share on other sites

3 minutes ago, mojo0243 said:

Also a great option but normally when someone is doing an external test they don't have physical access though yes some times they do.  I think using the lan turtle though kills the learning process and essentially just gives him access back into the network and then it is the same as just doing an internal exploit.

Fair enough ;) 

 

I suggest you set up a local LAN and have a pc connected to a neighbors WIFI or a hotspot from your cell phone so that you will be connected to an "outside network" and practice. you will not manage at first but persistence always prevails   

Link to comment
Share on other sites

you mean connect to a public WIFI or a hotspot right

7 minutes ago, M@$T said:

Fair enough ;) 

 

I suggest you set up a local LAN and have a pc connected to a neighbors WIFI or a hotspot from your cell phone so that you will be connected to an "outside network" and practice. you will not manage at first but persistence always prevails   

 

Link to comment
Share on other sites

If it's behind NAT, you more than likely need to have the machine on the inside, initiate the session to you with a reverse shell. Either host a malicious file or link that the inside machine would run, such as links in an email, sending in a PDF with meterpeter code, etc. Also, your location on the internet, if also behind NAT, poses the same issue to you.

 

Think like two walls with the internet between them, until both sides can circumvent both walls, there will be no session created, so both the target and the attacker, need to be able to have the ports they use for communication be open to each other. The easy part is the initiation if a victim runs your file to call home, but your listener, needs to be accessible over the web to respond, or the whole thing will fail. 

Link to comment
Share on other sites

  • 2 months later...
On ‎17‎/‎06‎/‎2016 at 0:36 PM, barry99705 said:

As long as you have shell access to the target issue this command;

nslookup myip.opendns.com

Ah, came back to try this again and found an important bit of detail!

nslookup myip.opendns.com didn't work for me, however nslookup myip.opendns.co.uk does!

Must be a UK thing.

Edited by haze1434
Link to comment
Share on other sites

On 6/17/2016 at 8:43 AM, haze1434 said:

Thanks barry :)

This looks along the lines of what I want, however I get the output;


*** [My Domain] can't find myip.opendns.com: Non-existent domain

 

*edit* Ah, I tested this at work and they possibly don't use DNS in the same way. I'll test it on my machine when I get home :)

Thank you.

If you pass the DNS server in the nslookup command, it should give the results even when your default DNS is not OpenDNS

nslookup myip.opendns.com. resolver1.opendns.com

The second address makes it the DNS server to use.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...