Jump to content

acceesing network from outside


ae3erdion
 Share

Recommended Posts

Im create this lab where one of the machines is facing the internet. My goal is to be able to exploit it from outside the network, like public internet access, and in the future do some lateral movement in the internal network of the lab. Where I can look for information on how to do that?

Link to comment
Share on other sites

You can setup port forwarding on your public facing router to access said network. For example, Ive got a secondary laptop that I mainly use as a network attached backup server, and sometimes is handy for ssh tunnels out of public wifi networks. You have to setup a rule to forward ssh to the desired private IP address, then I could access my `server` by ssh-ing to my public IP address, and the router automatically forwards the traffic to the server. That is one relatively safe way of getting into your home network, but I would REALLY recommend using public key authentication if you plan on setting up port forwarding like this. You prob will see attempts at random IPs trying to get into your network eventually, so always better safe than sorry, right?

  • Like 1
Link to comment
Share on other sites

I get that part. Let me be more clear on my setup so you can get a better idea of what I'm trying to do.

1. I have a couple virtual machines in digital ocean connected to a vpn at home with other virtual machines.

1.1 digital ocean machines are a web server and an ftp server facing the internet

1.2 machines at home are metasploitable, domain controler, and a few more vulnerable systems to practice

2. my goal is to be able to "compromise" my servers facing the internet and gain access to the VPN by lateral movement and eventually gain control of the system

3. as i learn I want to improve my security and make it more challenging every time

 

Hope is more clear now

Link to comment
Share on other sites

Not everything can be compromised, unless you've installed a deliberately vulnerable versions of software or deliberately configured them with weaknesses. If you have, then get them off the internet now otherwise someone else will compromise them and you'll lose your box.

Why are you wanting to attack something over the internet? What are you trying to achieve with it? Attacking a service is the same regardless of whether it is local or remote and you can very easily build a VM environment to simulate a remote network if you really want to.

  • Like 1
Link to comment
Share on other sites

Also, if I read correctly you are planning on having a public facing exploitable machine with a VPN tunnel to your internal network?  Hmm, I would not do that.  You can accomplish a lab like this all internally without facing anything to the public with VMs and a pfsense VM.  Pretty much all you are going to be practicing is exploiting a firewalled machine with some services port forwarded that your attacker can see with a VPN to some machine or machines in another subnet firewalled except for VPN.

 

  • Like 1
Link to comment
Share on other sites

Ok, so you are suggesting to create a virtual network outside my network? that will be easy to do. I think I was overthinking it. What I'm trying to accomplish is to learn how I can exploit a network or machine from outside the network. 

 

Link to comment
Share on other sites

There is no difference in exploiting a box based on its location, the difference is in post exploitation as you might not have direct access between the boxes. You can stimulate this locally with virtual machines, no need to use internet based hosts.

Link to comment
Share on other sites

the problem that I have encounter is that when I execute an exploit with metasploit is that when i exploit the target that I know is vulnerable to my exploit and it works on my local network (my machine and target machine share ips in the network) outside the network i cant get metasploit to connect back and open a session

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...