0phoi5 Posted June 16, 2016 (edited) Hi all, I'm currently enjoying trying to hack into my Windows 10 machine. I am able to get a local meterpreter session using its internal IP address (example 192.168.0.20) when connected to the same WiFi/Internet hub from my hacking box. However, I now wish to test attacking it externally, not from the same LAN. Bearing in mind that I am already in the Windows machine using the internal IP, how could I gather the machine's external IP so that I could then go away and hack it from elsewhere (i.e. not on the same LAN)? Not using whatsmyip.com or anything like that; we're talking command-line. OR, would it be easier for an attacker to leave something on the Windows machine to connect to? Edited June 16, 2016 by haze1434
Rkiver Posted June 16, 2016 Unless you are given multiple IPs from your service provider, it is most likely that ALL machines coming from your connection will show the same external IP. Don't believe me? Go to every machine and then ask Google what your IP address is. They will likely all show the exact same IP.
fugu Posted June 17, 2016 (edited) The only way to know for sure what your external IP is (for the network you're connected up to) is to send out a request and have the destination server tell you what your IP is. This has a lot of legitimate uses; NoScript's ABE uses this to help protect your browser. You might consider looking at dynamic DNS as a solution to what you're trying to do. There is software that is used on desktop machines to keep the external IP address of your home network associated with a DNS entry, so that if you ever want to log into your home network when you're away, you can just use your own DNS to do so. Edited June 17, 2016 by fugu
0phoi5 (Author) Posted June 17, 2016 13 hours ago, Rkiver said: Go to every machine and then ask Google what your IP address is. They will likely all show the exact same IP. Good point, but if I was an attacker and I didn't have physical access to any of the machines on my network, then how would I check what this IP was?
barry99705 Posted June 17, 2016 As long as you have shell access to the target, issue this command: nslookup myip.opendns.com
0phoi5 (Author) Posted June 17, 2016 (edited) 2 hours ago, barry99705 said: As long as you have shell access to the target, issue this command: nslookup myip.opendns.com Thanks barry :) This looks along the lines of what I want; however, I get the output: *** [My Domain] can't find myip.opendns.com: Non-existent domain *edit* Ah, I tested this at work and they possibly don't use DNS in the same way. I'll test it on my machine when I get home :) Thank you. Edited June 17, 2016 by haze1434
fugu Posted June 18, 2016 You can also try: powershell.exe -command "Write-Host (New-Object System.Net.WebClient).DownloadString(\"http://diagnostic.opendns.com/myip\")"
Ogedei Posted June 28, 2016 On 6/16/2016 at 7:48 PM, haze1434 said: Hi all, I'm currently enjoying trying to hack into my Windows 10 machine. I am able to get a local meterpreter session using its internal IP address (example 192.168.0.20) when connected to the same WiFi/Internet hub from my hacking box. However, I now wish to test attacking it externally, not from the same LAN. Bearing in mind that I am already in the Windows machine using the internal IP, how could I gather the machine's external IP so that I could then go away and hack it from elsewhere (i.e. not on the same LAN)? Not using whatsmyip.com or anything like that; we're talking command-line. OR, would it be easier for an attacker to leave something on the Windows machine to connect to? From my CEH studies: if you are talking of hacking the same machine over the internet, you need to install something to give you a session to your public IP and on a port which is open for the victim machine. And with that you have a cmd session over the internet.
M@$T Posted October 5, 2016 On the same lines: if you managed to get a local meterpreter shell within your local LAN, it's totally different getting a remote shell when you are outside your LAN.
Rainman_34 Posted October 5, 2016 6 hours ago, M@$T said: On the same lines: if you managed to get a local meterpreter shell within your local LAN, it's totally different getting a remote shell when you are outside your LAN. M@$T is correct. Even if you have the port open, if you are trying to get IN then the router needs to be forwarding all incoming traffic from a port to that computer and its open port. This will require getting into the router from inside the network. Then you can also set up a DNS host on the router with something like duckdns, which will let you connect even if the IP changes (which most of the time it will when they reset the router). The best thing is to send a shell OUT to a VPS and then connect to the VPS and open the shell.
M@$T Posted October 5, 2016 10 minutes ago, mojo0243 said: M@$T is correct. Even if you have the port open, if you are trying to get IN then the router needs to be forwarding all incoming traffic from a port to that computer and its open port. This will require getting into the router from inside the network. Then you can also set up a DNS host on the router with something like duckdns, which will let you connect even if the IP changes (which most of the time it will when they reset the router). The best thing is to send a shell OUT to a VPS and then connect to the VPS and open the shell. Or you can use the LAN Turtle if you have physical access to the PC and get a remote shell =)
Rainman_34 Posted October 5, 2016 7 minutes ago, M@$T said: Or you can use the LAN Turtle if you have physical access to the PC and get a remote shell =) Also a great option, but normally when someone is doing an external test they don't have physical access, though yes, sometimes they do. I think using the LAN Turtle, though, kills the learning process and essentially just gives him access back into the network, and then it is the same as just doing an internal exploit.
M@$T Posted October 5, 2016 3 minutes ago, mojo0243 said: Also a great option, but normally when someone is doing an external test they don't have physical access, though yes, sometimes they do. I think using the LAN Turtle, though, kills the learning process and essentially just gives him access back into the network, and then it is the same as just doing an internal exploit. Fair enough ;) I suggest you set up a local LAN and have a PC connected to a neighbour's WiFi or a hotspot from your cell phone so that you will be connected to an "outside network" and practice. You will not manage at first, but persistence always prevails.
Rainman_34 Posted October 5, 2016 You mean connect to a public WiFi or a hotspot, right? 7 minutes ago, M@$T said: Fair enough ;) I suggest you set up a local LAN and have a PC connected to a neighbour's WiFi or a hotspot from your cell phone so that you will be connected to an "outside network" and practice. You will not manage at first, but persistence always prevails.
digip Posted October 6, 2016 If it's behind NAT, you more than likely need to have the machine on the inside initiate the session to you with a reverse shell. Either host a malicious file or link that the inside machine would run, such as links in an email, sending in a PDF with meterpreter code, etc. Also, your location on the internet, if also behind NAT, poses the same issue to you. Think of it like two walls with the internet between them: until both sides can circumvent both walls, there will be no session created, so both the target and the attacker need to be able to have the ports they use for communication be open to each other. The easy part is the initiation if a victim runs your file to call home, but your listener needs to be accessible over the web to respond, or the whole thing will fail.
0phoi5 (Author) Posted December 16, 2016 (edited) On 17/06/2016 at 0:36 PM, barry99705 said: As long as you have shell access to the target, issue this command: nslookup myip.opendns.com Ah, came back to try this again and found an important bit of detail! nslookup myip.opendns.com didn't work for me; however, nslookup myip.opendns.co.uk does! Must be a UK thing. Edited December 16, 2016 by haze1434
RealSoap Posted December 17, 2016 I'm just a student/enthusiast, but could this help? https://www.tunnelbear.com/blog/linux_support/ Also, if you have an unlimited phone plan, CyanogenMod will open your hotspot and allow you to use your data the way you want.
digip Posted December 21, 2016 On 6/17/2016 at 8:43 AM, haze1434 said: Thanks barry :) This looks along the lines of what I want; however, I get the output: *** [My Domain] can't find myip.opendns.com: Non-existent domain *edit* Ah, I tested this at work and they possibly don't use DNS in the same way. I'll test it on my machine when I get home :) Thank you. If you pass the DNS server in the nslookup command, it should give the results even when your default DNS is not OpenDNS: nslookup myip.opendns.com. resolver1.opendns.com The second address makes it the DNS server to use.
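From the defender's side, the two external-IP discovery methods discussed in this thread (the nslookup of myip.opendns.com / myip.opendns.co.uk and the PowerShell fetch of diagnostic.opendns.com/myip) leave a recognisable trace in host telemetry. As an added example that is not from any poster here, the Python below flags them in constructed Sysmon-style DNS-query (Event ID 22) and process-creation (Event ID 1) events; the event dicts, the watchlist and the sample command lines are assumptions built for the demonstration, not real logs.

```python
"""Flag host-side external-IP discovery (DNS lookup or HTTP fetch) in Sysmon-style events."""
import re

# Hostnames used in the thread to learn a NAT'd machine's public IP (assumed watchlist).
IP_DISCLOSURE_HOSTS = {"myip.opendns.com", "myip.opendns.co.uk", "diagnostic.opendns.com"}

# Constructed sample events modelled on Sysmon Event ID 22 (DNS query) and 1 (process
# creation); these are not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": r"C:\Windows\System32\nslookup.exe",
     "QueryName": "myip.opendns.com"},
    {"EventID": 22, "Image": r"C:\Windows\System32\svchost.exe",
     "QueryName": "ctldl.windowsupdate.com"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell.exe -command "Write-Host (New-Object System.Net.WebClient)'
                    '.DownloadString(\\"http://diagnostic.opendns.com/myip\\")"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\nslookup.exe",
     "CommandLine": "nslookup myip.opendns.com. resolver1.opendns.com"},
    {"EventID": 22, "Image": r"C:\Windows\System32\nslookup.exe",
     "QueryName": "myip.opendns.co.uk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]

# Rough hostname matcher for command lines (also catches things like "powershell.exe",
# which the watchlist check then discards).
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}\.?", re.IGNORECASE)


def normalise(host: str) -> str:
    """Lower-case a hostname and drop a trailing FQDN dot ('myip.opendns.com.')."""
    return host.lower().rstrip(".")


def classify(event: dict):
    """Return a finding string when the event matches the watchlist, else None."""
    image = event.get("Image", "?")
    if event.get("EventID") == 22:  # DNS query: compare the queried name directly
        name = normalise(event.get("QueryName", ""))
        if name in IP_DISCLOSURE_HOSTS:
            return f"dns-lookup:{name} by {image}"
    elif event.get("EventID") == 1:  # process creation: scan the command line for hostnames
        for host in HOST_RE.findall(event.get("CommandLine", "")):
            host = normalise(host)
            if host in IP_DISCLOSURE_HOSTS:
                return f"cmdline-host:{host} by {image}"
    return None


def scan(events):
    """Run classify() over an event stream and keep only the findings."""
    return [finding for finding in map(classify, events) if finding]
```

Running scan(SAMPLE_EVENTS) yields four findings: the two nslookup DNS queries, the PowerShell command line, and the nslookup command line that names the OpenDNS resolver; the Windows Update lookup and the plain cmd.exe invocation are left alone.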