Problem When Trying To Backdoor Computer Outside The Network

[daven]

well, i created file using windows/meterpreter/reverse_tcp payload that his LHOST is my external ip address(whatismyip.com) and the port is 4444

and on the machine i set the lhost to my inner ipv4 192.168.0.189 and the same port.

i open this port, and although when i open the file in other network and no session are open.

when i try the same with inner ip it works (when i try to backdoor my machine from the virtual machine).

you can see all in this picture:

http://imageshack.us/f/515/help1u.png/

tnx for reading hope u can help me guys :|

Edited February 25, 2012 by daven

[digip]

Disclaimer: I don't even want to know if you have permission to attack this other machine. It goes without saying, what you do, is at your own risk, so if you are attacking someone else's computer, that is on you.

Make the lhost, your external IP address and then either port forward the listing port to the internal machine, or put it in a DMZ.

We'll need to know your topology though to be certain what is what. 1, is the machine waiting for the connection a VM or physical box. If it is a VM, is it bridged to the physical network so it shares the same IP subnet as the router. 2, is the port forwarded to the VM or Physical machine waiting for the connection. For times like this, its often best to put your attacking machine, in a DMZ, just so it doesn't run into any issues with NAT and port forwarding or the router dropping unsolicited packets(built in firewall), and 3, do you know for certain the target machine outside of the network is compromised or vulnerable to attack? If you get no session when attacking, it sounds like the target is not vulnerable.

[daven]

OK, thanks for answering first of all I'm attacking my self i got 2 houses so I'm attacking my computer in the outside network.

I just want to learn pen testing, security networking...

and also learn how to protect my self against hackers by learning all these.

i made the lhost to my external IP in the file.

in the machine i set it as my inner IP address 192.168...

about 1 - its VM and its bridged to the physical network.

2 - yes the port waiting for the connection as u can see in the picture, in the background there is the page of my router's open ports.

3 - its the same computer as mine and if i can attack mine ( there NO AV ) and if i can do it on my self in the network and its work so i guess it should work either on the "victim"(me). according to this the only thing i can do is to put the VM in the DMZ ;x?

[digip]

Is the target behind a router or NAT? If so, you need to find a way to reach it first, such as having a web page the victim can surf to, then make that trigger the exploit and send off your payload from there. Otherwise, the victim needs to be in a DMZ or directly reachable via the internet. Other ways to do it, open a PDF on the victim machine with a payload that points back to you.

Edited February 28, 2012 by digip

[Infiltrator]

The PDF attack would definitely work, even if the victim is behind a firewall/NAT. Just use Metasploit to embed a reserve_shell in the PDF. Make sure to use either port 80 or 443, as most firewalls don't block these ports by default.

Edited February 28, 2012 by Infiltrator

[daven]

ok, thank you guys. the pdf is the same what i did just i send a exe file ...

both are reverse backdoor..