Thread: meterpreter connection?

  1. #1
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    22

    Question meterpreter connection?

    Will meterpreter/reverse_tcp work if both the attacker and the victim are behind different NATs with only local IPs, or, for example, does the attacker have to be directly connected so that he has his own public IP for the reverse connection to take place?

    Also, will making LPORT 8080 make a difference?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    A reverse tcp payload is basically just the victim machine creating a regular tcp session to the attacker and channeling the control channel over that session, so it will only work in environments where this could actually occur. You would basically need port forwarding of the reverse port from the router's publicly accessible IP to the attacker's system.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    22

    Default

    Quote Originally Posted by lupin View Post
    A reverse tcp payload is basically just the victim machine creating a regular tcp session to the attacker and channeling the control channel over that session, so it will only work in environments where this could actually occur. You would basically need port forwarding of the reverse port from the router's publicly accessible IP to the attacker's system.
    Oh, I thought so. Thanks for the info.

  4. #4
    Junior Member
    Join Date
    Jul 2009
    Posts
    37

    Default

    What I've figured out is that they (the victim) can be behind a router, and they will still connect to you even if the VICTIM does not have their ports forwarded; all the attacker needs to do is forward that one port through their router to allow this connect-back to occur.

    What should also be noted is that other reverse_tcp payloads basically have the same code, so if the attacker is listening for a vncinject/reverse_tcp and the victim has the meterpreter/reverse_tcp payload executed, you will get the one you are listening for. It was surprising at first, but it makes sense: basically the same .dll inject method is used for both penetrations.

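    The following is an added example by the editor, not code from this thread or from Metasploit, that models the two points made above on loopback: lupin's description of the reverse connection (the victim side only ever connects out, so only the attacker's LPORT has to be reachable) and b3r00tb4ck's observation that the stager is generic and the listener decides which stage arrives. The 4-byte little-endian length prefix follows the layout used by the real windows reverse_tcp stager, but the stages here are constructed byte strings rather than real DLLs, and STAGES, serve_one, run_session, connect_back_possible, closed_port and demo are names invented for this example. On the LPORT question: the port number changes nothing in this exchange; it matters only for what the victim's network permits outbound (8080 or 443 are often allowed where 4444 is not) and for which port the attacker's router has to forward.

```python
import socket
import struct
import threading

# Constructed stand-ins for the stages a handler would send (in Metasploit,
# the meterpreter or vncinject DLL). The stager never sees the name, only bytes.
STAGES = {
    "meterpreter": b"STAGE:meterpreter-dll",
    "vncinject": b"STAGE:vncinject-dll",
}


def recv_exact(sock, n):
    """Read exactly n bytes; recv() is allowed to return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before stage fully received")
        buf += chunk
    return buf


def serve_one(srv, stage, result):
    """Attacker side (the multi/handler). It only accepts an inbound connection
    and pushes the configured stage down it, so LPORT on the attacker's side is
    the only port anyone needs to be able to reach."""
    conn, peer = srv.accept()
    with conn:
        # Wire format modelled on the windows reverse_tcp stager: a 4-byte
        # little-endian length, then the stage itself.
        conn.sendall(struct.pack("<I", len(stage)) + stage)
    result["peer"] = peer


def stager(lhost, lport):
    """Victim side (a reverse_tcp stager). It makes an ordinary outbound TCP
    connection, which the victim's NAT forwards like any other client session,
    then loads whatever stage the listener sends back."""
    with socket.create_connection((lhost, lport), timeout=5) as s:
        (length,) = struct.unpack("<I", recv_exact(s, 4))
        return recv_exact(s, length)


def run_session(stage_name, lport=0):
    """Run handler and stager against each other on loopback and return the
    stage the stager ended up with. lport=0 lets the OS pick a free port;
    Metasploit's default 4444 or the 8080 asked about above behave identically."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.settimeout(5)  # so a failed connect-back cannot hang the handler thread
    srv.bind(("127.0.0.1", lport))
    srv.listen(1)
    actual_port = srv.getsockname()[1]
    result = {}
    t = threading.Thread(target=serve_one, args=(srv, STAGES[stage_name], result))
    t.start()
    try:
        return stager("127.0.0.1", actual_port)
    finally:
        t.join()
        srv.close()


def connect_back_possible(lhost, lport):
    """Does the stager's outbound connect succeed? False when nothing reachable
    is listening (e.g. the attacker's router is not forwarding LPORT), which is
    the failure mode the thread is about."""
    try:
        with socket.create_connection((lhost, lport), timeout=2):
            return True
    except OSError:
        return False


def closed_port():
    """Pick a loopback port with nothing listening on it (helper for demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Walk through the thread's two points on loopback."""
    return {
        # Same stager code, different handler: the listener decides the stage.
        "got_meterpreter": run_session("meterpreter"),
        "got_vncinject": run_session("vncinject"),
        # No reachable listener on LPORT (the "no port forward" case): the
        # connect-back simply fails, and nothing on the victim side fixes it.
        "connect_back_without_handler": connect_back_possible("127.0.0.1", closed_port()),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

    Both runs use the same stager function; only the handler's configuration differs, which is exactly why a vncinject listener answers a "meterpreter" stager. Replace 127.0.0.1 with the attacker's public IP and the forwarded port to reproduce the real topology.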
  5. #5
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    22

    Default

    Quote Originally Posted by b3r00tb4ck View Post
    What I've figured out is that they (the victim) can be behind a router, and they will still connect to you even if the VICTIM does not have their ports forwarded; all the attacker needs to do is forward that one port through their router to allow this connect-back to occur.

    What should also be noted is that other reverse_tcp payloads basically have the same code, so if the attacker is listening for a vncinject/reverse_tcp and the victim has the meterpreter/reverse_tcp payload executed, you will get the one you are listening for. It was surprising at first, but it makes sense: basically the same .dll inject method is used for both penetrations.
    Exactly what I had in mind. Thanks for the info!
