
How To Use Metasploit On Non-LAN Machines?


wurmt0ngue


I've been able to use BackTrack for WEP cracking for a few years, but I recently decided to try and learn more and really dig in. Thanks to g0tm1lk's blog and Hak5 I have come a long way and can now exploit local VMs and gain access to them using client-side browser attacks (however, using Armitage). My next step is to learn the Metasploit command line so I actually understand what is happening behind Armitage's GUI, but my question here pertains to being able to use Metasploit remotely on hosts that aren't on the local network.

I have a free No-IP account and can forward directly to my IP, so I figured if I forwarded my ports correctly I could link a friend (knowingly, for testing) to my No-IP host and to my Metasploit server. (I could be wrong, but please let me know.) This should also give me their IP through the console when they connect to the webpage.

Am I on the right track here? And what are some other ways I could use Metasploit remotely? So far I have only attempted simple client-side attacks from the Armitage how-tos, etc.

Go easy on me for being a n00b, plz and thx


So far your approach is correct.

1) You will need to know the remote computer's IP address or hostname.

2) You will need to find out what services are running on the remote host.

3) You could use Nmap to scan for any open ports on the remote host.

4) Once you find what services and ports are open,

5) use Metasploit to exploit the host service.

6) Now, to make the machine visible to the internet, there are two ways you can go about it.

1) Open forwarding ports on the remote router.

2) Or place the remote host in a DMZ. This option is not recommended, because it will completely expose the host to the internet; however, once this option is enabled, forwarding ports will no longer be required.

If you want to go down this path, make sure the host does not have any confidential information or any important data on it.

Hope this helps.

Edited by Infiltrator

Whatever you decide to do, notify the parties whose network you use, such as the remote host and even your ISP/your friend's ISP. What you are doing in your own lab tests or private network should not be stuff that travels outside the local LAN, or you could be seen as trying to attack someone's network and get yourself arrested. Personally, I would create several networks at home: get a few routers and switches, set up different subnets for each network, with one machine in each network that can speak to the next hop, and then play from there. This way you can try to pivot off one machine's subnet into the network of another it can communicate with.

There really is no difference, though, between doing this in VMs vs. a live network. A network is a network, if the configurations are set up properly. I think doing anything over the internet is going to be an issue and may get you into trouble with the ISPs or hosting providers. If you were in, say, the Offsec classes, they give you VPN access to a private network set up just for pen-testing. This makes more sense than trying to do something across the internet, where you could potentially land yourself in jail if you pointed your scans at the wrong IP or subnets.


> So far your approach is correct.
>
> 1) You will need to know the remote computer's IP address or hostname.
>
> 2) You will need to find out what services are running on the remote host.
>
> 3) You could use Nmap to scan for any open ports on the remote host.
>
> 4) Once you find what services and ports are open,
>
> 5) use Metasploit to exploit the host service.
>
> 6) Now, to make the machine visible to the internet, there are two ways you can go about it.
>
> 1) Open forwarding ports on the remote router.
>
> 2) Or place the remote host in a DMZ. This option is not recommended, because it will completely expose the host to the internet; however, once this option is enabled, forwarding ports will no longer be required.
>
> If you want to go down this path, make sure the host does not have any confidential information or any important data on it.
>
> Hope this helps.

1) Not really. Depends on the attack, but typically no.

2) Helpful, but not always needed.

6) Only the attacking machine needs to be accessible from external addresses, so the victim computers can "connect back" to start a Meterpreter or whatever session is chosen for the payload.

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

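The "connect back" traffic pattern described in the reply above, seen from the defender's side of the wire. This is an added example, not code from this thread or from Metasploit: it correlates DNS query logs with egress connection logs and flags an internal host that resolves a dynamic-DNS hostname (the kind of No-IP host the original question mentions) and then opens an outbound connection to the resolved address shortly afterwards. The log format, the dynamic-DNS suffix list, the five-minute window and all sample lines are constructed for the example.

```python
"""Flag the 'resolve a dynamic-DNS name, then connect back to it' pattern.

Added example, not part of the forum thread. Two constructed log sources are
correlated: DNS answers seen by the internal resolver and outbound TCP
connections seen at the egress firewall. A hit is a DNS lookup of a
dynamic-DNS hostname followed, from the same client, by a connection to the
answered address within a short window.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Illustrative dynamic-DNS suffixes (assumption: extend from your own threat
# intel; no-ip.com and ddns.net are No-IP families, the rest stand in for the
# shape of a real list).
DYNDNS_SUFFIXES = ("no-ip.com", "no-ip.org", "ddns.net", "hopto.org")

# Constructed sample log. Format is made up for this example:
#   "<ISO time> DNS  <client_ip> <qname> <answer_ip>"
#   "<ISO time> CONN <src_ip> <dst_ip> <dst_port>"
SAMPLE_LOG = """\
2013-05-01T10:00:01 DNS 192.168.1.20 www.example.com 93.184.216.34
2013-05-01T10:00:02 CONN 192.168.1.20 93.184.216.34 443
2013-05-01T10:03:10 DNS 192.168.1.37 lab-box.ddns.net 203.0.113.9
2013-05-01T10:03:11 CONN 192.168.1.37 203.0.113.9 4444
2013-05-01T10:20:00 DNS 192.168.1.50 pics.hopto.org 198.51.100.7
2013-05-01T10:55:00 CONN 192.168.1.50 198.51.100.7 80
"""


@dataclass(frozen=True)
class Alert:
    src_ip: str
    qname: str
    dst_ip: str
    dst_port: int
    seconds_after_lookup: float


def is_dyndns(qname: str) -> bool:
    """True when the queried name is the suffix itself or a host under it."""
    q = qname.lower().rstrip(".")
    return any(q == s or q.endswith("." + s) for s in DYNDNS_SUFFIXES)


def parse(lines):
    """Split the constructed log into DNS and CONN records; skip malformed lines."""
    dns, conns = [], []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        ts = datetime.fromisoformat(parts[0])
        if parts[1] == "DNS":
            dns.append((ts, parts[2], parts[3], parts[4]))
        elif parts[1] == "CONN":
            conns.append((ts, parts[2], parts[3], int(parts[4])))
    return dns, conns


def find_connect_backs(log_text: str, window=timedelta(minutes=5)):
    """Return one Alert per dynamic-DNS lookup followed by a matching connection.

    Only connections from the same client to the answered address, at or after
    the lookup and inside `window`, count; a lookup with no follow-up connection
    (or one far later, like the hopto.org line in the sample) is not alerted.
    """
    dns, conns = parse(log_text.splitlines())
    alerts = []
    for ts, client, qname, answer in dns:
        if not is_dyndns(qname):
            continue
        for cts, src, dst, port in conns:
            delta = cts - ts
            if src == client and dst == answer and timedelta(0) <= delta <= window:
                alerts.append(Alert(src, qname, dst, port, delta.total_seconds()))
    return alerts


if __name__ == "__main__":
    for a in find_connect_backs(SAMPLE_LOG):
        print(f"{a.src_ip} resolved {a.qname} -> {a.dst_ip} and connected to "
              f"port {a.dst_port} {a.seconds_after_lookup:.0f}s later")
```

Correlating on the answered address rather than on the destination port is deliberate: the listener port is whatever the operator chose, while the name-then-connect sequence is structural to a connect-back to a dynamic-DNS host. In a real deployment the suffix list would come from a maintained feed and the window would be tuned to the resolver's TTL behaviour.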

> 1) Not really. Depends on the attack, but typically no.
>
> 2) Helpful, but not always needed.
>
> 6) Only the attacking machine needs to be accessible from external addresses, so the victim computers can "connect back" to start a Meterpreter or whatever session is chosen for the payload.
>
> http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

Those were only some suggestions on how he could use Metasploit from outside his LAN.

Edited by Infiltrator