ae3erdion Posted June 16, 2018

I'm creating this lab where one of the machines is facing the internet. My goal is to be able to exploit it from outside the network, like public internet access, and in the future do some lateral movement in the internal network of the lab. Where can I look for information on how to do that?

bashM0nk3y Posted June 17, 2018

You can set up port forwarding on your public facing router to access said network. For example, I've got a secondary laptop that I mainly use as a network attached backup server, and sometimes is handy for ssh tunnels out of public wifi networks. You have to set up a rule to forward ssh to the desired private IP address, then I could access my `server` by ssh-ing to my public IP address, and the router automatically forwards the traffic to the server.

That is one relatively safe way of getting into your home network, but I would REALLY recommend using public key authentication if you plan on setting up port forwarding like this. You prob will see attempts at random IPs trying to get into your network eventually, so always better safe than sorry, right?

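A check for the public key recommendation in the post above, as an added example that is not part of the original thread: it audits sshd_config text for password-style logins that would stay reachable once SSH is port-forwarded. The sample configs are constructed, and `Include` files are not followed.

```python
# Added example (not from the thread): flag password-style logins in sshd_config text.
DEFAULTS = {  # OpenSSH behaviour when the keyword is absent
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",  # can still prompt for a password via PAM
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_STYLE = ("passwordauthentication", "kbdinteractiveauthentication")

def parse(text):
    """Return (global settings, password-style keywords re-enabled under Match)."""
    seen, match_enabled, in_match = {}, [], False
    for raw in text.splitlines():
        parts = raw.replace("=", " ").split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        val = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything after the first Match line is conditional
        elif in_match:
            if key in PASSWORD_STYLE and val == "yes":
                match_enabled.append(key)
        else:
            seen.setdefault(key, val)  # sshd uses the first value it obtains
    return seen, match_enabled

def audit(text):
    """List settings to review before exposing this sshd through a port forward."""
    seen, match_enabled = parse(text)
    eff = {k: seen.get(k, default) for k, default in DEFAULTS.items()}
    findings = []
    if eff["pubkeyauthentication"] != "yes":
        findings.append("pubkeyauthentication is disabled")
    findings += [f"{k} is enabled globally" for k in PASSWORD_STYLE if eff[k] != "no"]
    findings += [f"{k} is re-enabled in a Match block" for k in match_enabled]
    return findings

# Constructed samples. In WEAK the later "no" is ignored because the first value wins.
WEAK = "Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n")
LAN_ONLY = HARDENED + "Match Address 192.168.0.0/16\n    PasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("lan-only", LAN_ONLY)):
        print(name, audit(cfg) or "public key only")
```

On a live host, `sshd -T` prints the effective configuration with included files and defaults resolved, so that output is the authoritative thing to check.
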
ae3erdion Posted June 17, 2018 (Author)

I get that part. Let me be more clear on my setup so you can get a better idea of what I'm trying to do.

1. I have a couple of virtual machines in DigitalOcean connected to a VPN at home with other virtual machines.
1.1 The DigitalOcean machines are a web server and an FTP server facing the internet.
1.2 The machines at home are Metasploitable, a domain controller, and a few more vulnerable systems to practice on.
2. My goal is to be able to "compromise" my servers facing the internet and gain access to the VPN by lateral movement and eventually gain control of the system.
3. As I learn, I want to improve my security and make it more challenging every time.

Hope it is more clear now.

digininja Posted June 17, 2018

Not everything can be compromised, unless you've installed deliberately vulnerable versions of software or deliberately configured them with weaknesses. If you have, then get them off the internet now, otherwise someone else will compromise them and you'll lose your box.

Why are you wanting to attack something over the internet? What are you trying to achieve with it? Attacking a service is the same regardless of whether it is local or remote, and you can very easily build a VM environment to simulate a remote network if you really want to.

PoSHMagiC0de Posted June 17, 2018

Also, if I read correctly, you are planning on having a public facing exploitable machine with a VPN tunnel to your internal network? Hmm, I would not do that. You can accomplish a lab like this all internally without facing anything to the public, with VMs and a pfSense VM. Pretty much all you are going to be practicing is exploiting a firewalled machine with some services port forwarded that your attacker can see, with a VPN to some machine or machines in another subnet firewalled except for VPN.

ae3erdion Posted June 17, 2018 (Author)

OK, so you are suggesting to create a virtual network outside my network? That will be easy to do. I think I was overthinking it. What I'm trying to accomplish is to learn how I can exploit a network or machine from outside the network.

digininja Posted June 17, 2018

There is no difference in exploiting a box based on its location; the difference is in post exploitation, as you might not have direct access between the boxes. You can simulate this locally with virtual machines, no need to use internet based hosts.

ae3erdion Posted June 17, 2018 (Author)

The problem that I have encountered is that when I execute an exploit with Metasploit against a target that I know is vulnerable to my exploit, it works on my local network (my machine and target machine share IPs in the network), but outside the network I can't get Metasploit to connect back and open a session.

digininja Posted June 17, 2018

That will probably just be a problem with NAT or open ports. Do some research, it's well documented.

ae3erdion Posted June 17, 2018 (Author)

Could you point me to some trusted resources where I can learn more about it?