Metasploit and SET wierd thing.

[sickness]

Ok I will try to explain this as clear as I can:
I plaied with Metasploit and SET in my LAN, worked fine no problems no nothing so me and a friend of mine tought to test them on the internet.

So I tried port forwarding with both, none worked but then I set my router to give me an external IP both worked. I just don't get it works fine with external IP so why doesn't it work with port forwarding.

I turned firewalls off too still nothing.

[lupin]

Someone in one of the mailing lists I subscribe to had this exact problem, but I never heard back on whether the issue was resolved. But at least now you know you're not the only one with this problem

You will probably need to do some low level troubleshooting on this to find out how the SET payloads work. Id recommend starting off by performing a packet capture on a working Metasploit/SET session and seeing how many TCP sessions are involved and which systems initiate the connection, then do the same with a non working one and see the difference in order to track down the root cause. In the case of the non working session, get packet captures from both the client and server side - I anticipate you will see one of them attempt to make a connection to the private NAT address of the other, which obviously won't work.

I have had problems with getting other client side attacks working through Metasploit when NAT was involved. In the situation where I was having the problem (it was with a reverse_http passivex session), I had to modify the code of the Metasploit reverse_http handler to get the connection to work.

If you fix this it would be good if you can share details of the resolution of the problem.

[sickness]

Well I tried Metasploit but the funny thing it I can see how the exploit is running I just don't get a shell back.

Code:

[*] Sending Internet Explorer COM CreateObject Code Execution exploit HTML to 82.77.186.30:2740...
[*] Sending Internet Explorer COM CreateObject Code Execution exploit HTML to 82.77.186.30:2740...
[*] Sending Internet Explorer COM CreateObject Code Execution exploit HTML to 82.77.186.30:2740...

Ok as promissed I would come back and tell you the results. I fixed Metasploit with port forwarding.
The problem was from my brain it's just not good enought.
I realized after some time in the routers page that the rules from port forwarding were made only for "UDP" and not "TCP" I just had to make my own rules for UPD and TCP trafic both and Metasploit worked just fine Think I will make a tutorial about this.

I haven't got the change to test SET yet but will try it, hope it works.