Metasploit mailing list archives

Re: Getting db_autopwn to work in a NAT'ed environment


From: Matt Gardenghi <mtgarden () gmail com>
Date: Tue, 02 Mar 2010 16:52:58 -0500

I wrote something up here that might be of use or at least point you into the right direction: http://www.skullsecurity.org/blog/?p=261

On 3/2/2010 4:43 PM, egypt () metasploit com wrote:
You can set LHOST to an address not associated with the attack
platform in which case metasploit will attempt to bind 0.0.0.0 (the
any address).  If that doesn't work for you, you can try setting
DisablePayloadHandler to true and running a multi/handler job in the
background to catch shells.

Hope this helped,
egypt

On Tue, Mar 2, 2010 at 1:27 PM, <theysaid () hush com> wrote:
Hi folks.
How is it possible to achieve WAN-wide mass scans in an
environment in which (1) the user is behind a NAT router, and (2)
the user wants to utilize a reverse TCP payload?

First comes a typical network setup:
Internet <=> Router (WAN IP) <=> BT4 (192.168.2.10)
Incoming TCP/443 packets destined for the WAN IP are forwarded to the BT4
machine.

When we create our own payload with msfpayload, we can specify our
WAN IP and WAN PORT (443, in this case) and then, within msfconsole,
we configure the handler to bind to our internal IP which is, in
this case, 192.168.2.10. When the payload is executed from anywhere
else, we are able to obtain a meterpreter session.

Here comes the problem:
But this will NOT work when using exploits or launching db_autopwn
with the reverse_tcp payload, because we are obliged to set LHOST to
our internal IP for the handler to bind to this IP and, unfortunately,
msf will "again" use this LHOST value in the exploit's payload; when
we launch an exploit, the RHOST will try to connect to the
internal IP that we've set.

I am looking forward to your opinions and workarounds on this.
Thanks.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework