exploiting beyond the LAN

[pentest09]

Hi Fellaz,

I've successfully exploited various win xp machines on my lan in lab environment using SET and aurora exploit but that is locally, how can these exploitz be used against other side of router on MY remote office pcs (ie.) want to try and pentest outside the local lan, will the exploit meterpreter session come back to me on my LHOST 192.168.0.8 address even if not on the same lan. if not how can it be acheived?

Pentest office : attack machine ip 192.168.0.8 public ip 96.xxx.xxx.xxx
Remote office different lan: victim ip 192.168.1.9 public ip 92.xxx.xxx.xxx
MY OWN btw victim machine both owned my myself.

both ip addresses differ 92.xxx.xxx.xxx and 96.xxx.xxx.xxx so how to metasploit past my remote router into the lan side.

As stated I own both networks but not Pwnd yet.
Googled and not found a thing apart from changing LHOST to public ip but thats just the router isnt it?

Kind Regardz DEE


Hi

Thanks for you response to my problem, i am still having problems with the port forward feature.... After your advice i am have set up my attack side lan router to forward incoming connections on port 4444 TCP/UDP to any on lan.

Now when i do a aurora attack on my office for connection back on my backtrack 4 machine ip= 192.168.0.8 i have set LHOST to my routers ip address = 90.xxx.xxx.114 i get my router login pop up after the ip add is input in browser. my router settings are:

Firmware Version 1.9Sky
ADSL Port
MAC Address 00:xx:69:xx:34:xx
IP Address 90.xxx.xxx.114 (is the one i used in LHOST)
Network Type PPPoA
IP Subnet Mask 255.255.255.255
Gateway IP Address=89.xxx.128.xxx
Domain Name Server =90.xxx.xxx.97 90.xxx.xxx.99
LAN Port
MAC Address 00:xx:xx:xx:xx:d6
IP Address 192.168.0.1
DHCP enable
IP Subnet Mask 255.255.255.0

Please advise as to which ip to use in my LHOST so that the packets are fowarded form there on to my local ip 192.168.0.8

Do i use the gateway ip instead?

thanks again this is the final part for me to pentest my office remotely.

BTW ESET SMART SECURITY IS THE MUTZ NUTZ ... defeats arp poisoning and much more.

[Snayler]

I've already responded to this thread in the old forums, but for those who might interest the answer, i'll post it here too. I changed some things to make the post clearer as it made some confusion in OP's head and now I understand why.
-----------------------

want to try and pentest outside the local lan, will the exploit meterpreter session come back to me on my LHOST 192.168.0.8 address even if not on the same lan.

Obviously not. If you did that, meterpreter would try to communicate with 192.168.0.8 but on your remote office's local network. You would have to set your LHOST to your pentest office IP on the net and port-forward the meterpreter's port to your local IP (this is made on your pentest office's router's configuration pages).

As stated I own both networks but not Pwnd yet.
Googled and not found a thing apart from changing LHOST to public ip but thats just the router isnt it?

Yes, that's just the router unless you port-forward like I said above, so that the router know what to do with the incoming connection.

[Gitsnik]

I was going to respond over there, but I think I'll do it here.

If you own both of those networks you are either in charge of them (i.e. CEO), or you are a network guy. If you are the CEO you need to look into how things work on the internet - specifically NAT, routing, private/public IP addressing, and the TCProtocol. If you are the network guy in charge, you need to turn in your geek card for not knowing the basics.

Either way you have a course to try

[lupin]

You had better also make sure that both of your ISPs (your home account ISP and your business account ISP) allow attack traffic to be sent over their connections.

And if you don't already know how things like NAT work sending attack traffic over the Internet may be a dangerous proposition. What if you end up attacking the wrong person by mistake?

[pentest09]

Hi again Fellaz,

Thanks for your responses now I have tried to forward the meterpreter LHOST to my public ip on my attack machines net but when i try the aurora exploit it brings up my router login page i have 3 ips in my router set up

ADSL PORT SETTINGS

1: Ip address= 90.219.xxx.xxx (which i used as LHOST and port 4444 in metasploit)


2: Gateway IP Address = 89.xxxx.128.xxxx

3: Domain Name Server 90.xxx.xxx.97 90.xxx.xxx.99

and lan IP = 192.168.0.8 Backtrack machine with listener

Now which ip is the one for the exploit to connect to and foward on to my lan ip?

Everthing works fine in LAN, SET , MSF and so on Please help as I cant get it working and googled but not much in way of this and remote exploit.org .down on all my machines so think its being updated cant connect .

regards DEE

Ps: Much appreciated the replies.

[pentest09]

Ok ladz think i get the jist,

Usually LHOST is the path back locally from the victim which is local ip internally so i just set it to path back to attack net router the DMZ option it to forward the connect on to local ip machine Attacker and set up the firewall rule on routers to accept the incoming coonection on port say: 5555 to just wan ip locallly ie 192.168.0.6.

But.............I check the port via port checker to see if open and only one that shows open is utoorents port all other seem closed.

Getting there slowly trying again today thanks for all your replies, and pureh@te your a tough cookie fella but but thanks all the same.

DEE