Reverse_TCP - NAT Network to NAT Network

[i0.alias]

I'm looking to set up a reverse_tcp tunnel between two separate home environments. Currently I'm thinking NAT may be an issue. I'm currently thinking I just need to set up port-forwarding to my pentesting laptop. Am I missing anything else?

[Mr-Protocol]

You could just setup a VPN between them. VPN may be easier depending on the firmware of your devices.

[i0.alias]

I'm aiming for a solution that can be 100% scripted. Would I be able to create a VPN through Powershell?

[Mr-Protocol]

You can do a point-to-point VPN with your two routers. That way the PCs dont need to be configured at all and it would be connected as long as both routers are online.

[i0.alias]

Is there not a solution that doesn't requireme to configure something like that? This exercise is supposed to simulate an actual attack not a staged play. lol

[Mr-Protocol]

Ah, I didn't understand it was for pentesting purposes. I thought you just wanted to connect the networks. Port forwarding the ports the tunnel uses should work in theory. It all depends if you have a direct IP to the internet or if you get internet that is behind another NAT that is sub leased in a way.

I have seen people that live in apartments behind a NAT they do not control that plugs in as the internet source for their NAT Router. In that situation, forwarding the ports on your router would not work since there is another NAT layer preventing incoming connections.

A simple way to check is to pick your favorite show your IP website and see if that matches the external IP address your router is detecting.

[i0.alias]

Looks like they match. When I set up the meterpreter to listen on port 443, my port-forwarding needs to direct all incoming traffic on port 443 to my laptop. Am I missing anything?

[Mr-Protocol]

I wouldn't think so. It's been a few years since I've played with metasploit.

Check out this resource: http://www.offensive-security.com/metasploit-unleashed/Main_Page