1. Ex1 – Generating a Backdoor That Works Outside The Network
So far in the course, we have learned a number of methods to gain access to computers. We learned how to do that using server-side attacks, client-side attacks, and social engineering. We tested everything, though, within our own network, just to simplify things. That does not mean that these attacks only work inside the network. In fact, all of them work outside of the network on the Internet, even if the target computer is connected to different networks or is in a completely different country. The only thing is that you need to configure port forwarding properly. You can do that using the router’s settings page, and that’s what we’re going to focus on in this course.
But you can also achieve the same results by installing Kali or your tools on the cloud, using a cloud SSH server, or using the Eternal Link Service, which is designed to solve this very problem. Obviously, each one of these methods comes with its own advantages and disadvantages, but we’re focusing on the first one because, in my opinion, you have to understand how this method works before being able to use all of the other methods. So we’re spending four lectures explaining this method in detail. So you can use it with whatever service you want, whether you want to use it with beef, with backdoors, with your own web server, or with any other service that you want to expose to the Internet. And then, if you face any limitations or if you want to learn other methods, you can check out the other methods that I have actually covered in various places.
But as you can see here, I didn’t want to COVID them all in here, obviously, because this is not a social engineering course. This is an introductory course that is designed to introduce you to most hacking fields. And then, if you want to learn more, you could actually check out the other methods, with the main next method being the one in number four in here using tunnelling services, which I covered in my social engineering course. So check out the bonus lecture for more information. So first of all, let’s take a look at the default network setup. So we’ve seen this before. We’ve seen a similar diagram. And right here you can see that we have the router, we have the clients that are connected to the router, and then we have the router that is connected to the Internet. And we mentioned before that all the clients, all devices inside the network, actually don’t have Internet connections. They can only access the Internet through the router.
So whenever they want to request something, whenever they want to go to a website, for example, if they wanted to go to Google, this device will actually send a request to the router. The router is going to go to the Internet, it’s going to get Google.com, and the response is going to be sent to the router. Then the router will forward that response to the device that requested it. So inside the network, each device has its own private IP. So we can see that these IPS are written in red and that they only exist within the network. That’s why we call them “private IPS,” because outside the network, these IPS are not visible. We can also see that the router has two IPS. So it has a private IP in red, which is accessible by all the devices in the network, and it’s only used inside the network. It also has a public IP, which I have here in green. And this is the IP that’s accessible through the Internet. So this is the IP that Google sees.
So whenever you actually go to Google or any other website, they see an IP address, but they won’t see your private IP address. They’ll actually see the IP address of the router because the router is the device that’s actually making their requests, not you. So all the requests made by all of these devices on the same network will all appear as if they’re coming from the same machine or from the same IP. This is again because the only device that has access to the Internet is the Raptor, and it’s none of these devices. Now let’s go back to our scenario. So in most cases, or if you think about it, in all of the attacks that we do, the main thing is that we want to get a reverse connection. Even when we’re using Beef, we actually get a connection to Port 3000, which is the port that Beef is working on. And when we’re using our backdoors, we actually receive a connection on the port that we specify when we make the back door.So keep in mind that if you want to send that back door to somewhere outside your network, your local IP address will not be visible. So what you want to do is use the public IP, which is the IP of the router. And all you have to do to get it is go to Google and type in what’s my IP. And as you can see, Google is telling me that my IP address is this.
And this IP will actually be the same for all the machines on the same network. Now, I should note here that if I run ifconfig, I’m actually connected through a wireless card, so I’m not using an at-connection; I’m using an external wireless card that’s connected to my home network right here. So all the devices in my wireless network at home will have this IP. Again, that’s because they all use the same router and are all connected to the same network. So we’re going to use this IP for our back door. We’re going to send the backdoor to a person who exists on the Internet, so she exists here. That person is going to run that back door, and that back door is going to use a reverse connection. So it’s going to try to connect back to the router on port 8080. For example, if we chose that port in the backdoor, once the router gets a request for port 8080, it won’t know what to do with it because the router is not actually listening to port 80 80.And this request will not tell the router where it wants to go. So we’ll need to configure the router to tell it.
Whenever you get a request on port 80, I want you to forward that part to the Kali machine, and you can do that for any port you want. So I’m just using 80 as an example. But you can do it for any port that you’re listening on, whether it’s 80, 84, 4, or 3000. For beef, the main idea is that you want to use your real IP outside the network. So whenever we run any attack, in previous lectures and even in future lectures, if you want to run that attack on the Internet on someone that doesn’t exist on your home network, then first of all, make sure you use your public IP. And make sure you configure your router to forward requests on the port that you’re listening on to the CAL machine. And I’m going to show you how to do that in the next lecture. Right now, I just want you to get the idea of what we need to do and how that is going to work. So we’re going to have examples in the next lectures, and it’s going to become much more clear.
2. Configuring The Router To Forward Connections To Kali
Okay, so now let’s go ahead. Let’s create a backdoor. And the only difference is that we’re going to set the IP to the public IP instead of the local IP. So we’re going to create a backdoor exactly the same way that we used to create it when we were hacking devices in the same network. So I’m going to use Ville Evasion, and I’m going to do this a bit quickly because we’ve done it and there’s nothing new with this. So we can just see what we have; I’m going to use number nine. So it’s the exact same payload that we used in our previous video. It’s the reverse HTTP payload. So we’re going to use nine, and we can see the options here. We can see that the L port is set to 80 by default, and I’m going to keep that the same. The only thing I’ll change is the LHOST. And in the previous videos, when we were receiving connections on our own computer, we used to set it to the local IP. So if I do Fconfig Land Zero, we used to set it to 1921-6801 because that’s the IP that the devices use inside the network. But whenever we want to do things on the outside, we want to use the real IP, because these internal IPs are not visible to computers outside the network.
So I’m going to use the IP that I see on Google. So when I type “what’s my IP,” I get this IP, which I’ll use as the LHOST in my back door. So I’m just going to copy this and I’m going to paste it here. Sorry, I didn’t paste it properly. So set up the information to make sure everything is set up properly. So in 8080, we’re using the public IP, so this is the most important step in this. And then we’ll do generate, and we’ll simply call this backdoor TXE. I’m going to hit enter. and that has generated my payload for me. So it’s stored here. So again, as usual, I’m actually going to copy this and paste it in my VAR, www.html, and I’ll show you how to actually even download this from the Internet from outside the network. So I’m just going to copy this to my web server directory. Okay, so that’s all done. Now all we have to do is just listen for incoming connections. We’re going to do that using the multi-handler. So we’ve done that before. Again, I’m just going to do it real quick. And when I’m going to listen to the multi-handler, I’m actually going to listen on my local IP.
So I’m not going to listen to the outside world. I’m going to listen on the local network because I can’t listen on the external network. I’m actually on the network, and I only have control over my current computer. So what I’m going to do now is go in here to the Cali machine. I’ll be listening on port 80. And on the external device, the back door will try to connect to the back door. So the next step is to configure IP forwarding so that you can instruct the router to forward ports 80 and 80 to the Kali machine. But first, we need to listen to port 80 on the Kali machine. And we’re going to do that using the multi-handler. So I’m just going to do MSF console again; we did this before, so I’m going to do it a little bit quickly. So I’ll use exploit multi handler. I’m going to set the payload to Windows Meterpreter reverse HTTP. Then we’re going to set the Lport to 80 80. So that’s where we’re going to make connections. And then I’m going to set the LHOST, the listening host, to my private IP, as I said before.
So I’m going to set LHOST to 192168 00:11. Now I’m going to show options to make sure everything is done properly. And we can see that we have the output set to 80, and the local host is set to 192168 00:11.And we’re using a payload of Windows metres to reverse HTTP. So it’s all good. I’m going to exploit. It’s listening on myprivate IP and port 80, as you can see here. So we’ve completed the first two major steps. We created a backdoor, and the backdoor will give us connections based on the real IP address. and we’re listening on our local machine. We’re listening on port 80 on the Kelly machine. So when the target person runs the backdoor on the Internet, the backdoor will try to connect to this IP on port 80 80. The only problem now is the gateway, which is the router right here. It doesn’t have port 80 open, so it’s going to receive the connection. It’s not going to know what to do with it. As a result, we must configure the router to tell it. Whenever you get something or get a connection on port 80, I want you to redirect it to my Kali machine. And we can do that in two ways. and we’re going to talk about them in the next lecture.
3. Ex2 – Using BeEF Outside The Network
Now, in this lecture, we’ll learn how to configure the router so that it forwards incoming connections to the CAL machine so we can receive reverse connections. We can hook people up to Beef and launch attacks outside the network the same way that we used to launch them inside the network. So to get to the router settings, usually the router is the first IP in the subnet. As you can see, my IP address was 192.168.0.11. Usually the router is the first one, so it’ll be 1921-6801. Also. Another way to get it is to type in “route N,” and that will show you where the gateway is. And as you can see, it’s at 1921-6801. So this is the local IP address of the router. We’re going to browse that in our browser. So I’m just going to type it in here, 1921-6801, and hit Enter.
And as you can see, I have my router settings, and I have to log in with my username and password. Now, the router settings might look different from router to router, but the names are usually the same. Usually, first of all, you’ll have to log in, as you can see here for me, and you either have a default username and password or you’ll see them on a sticker behind or underneath the router itself. So for me, I’ve actually changed the password, so I’m just going to log in. So I’m logged in to my control panel. And again, it might look different for you, but you want to look for something called IP forwarding. For me. It’s under advanced. So I’m going to go to “Advanced,” and then I’m going to go to “Forwarding.” And this is where I can set up my IP forwarding. So look for something called “IP forwarding,” or as I’ve actually seen it on some writers, “Virtual Network.” I don’t know why, but you want to look for something that allows you to setup rules to redirect ports inside the network. At the moment, we are listening on port 80. So that’s the port that we picked in the handler. That’s the port that we picked at the back door, and that’s the port that we want to get the connection on. So the public port is going to be 80 80.And again, the target port is going to be 80, and the target IP address is the IP address that’s listening on the port. So this is the IP address of the Kelly machine where you have your handlers running. So my Kalimachine’s IP address right now is 192.168.0.11. And we can see that right here in the ifconfig output.
So it’s 192168 00:11. I’m going to type that in here, and that’s it. That’s the rule that we want to add. I’m going to click on “Save,” and that rule is saved. So now, whenever the router gets a request for port 80, it will know that it’s going to forward that request to the Kali machine, and the router will not cut that connection. So we’ve actually set up a proper route right now. So the first thing we did was create the back door. We used the real IP at the back door. We didn’t use the private IP, so we didn’t use the 192168 00:11.We use the real IP address. We’re going to send that back to a device on a different network. That device is going to run through the back door. The back door will try to connect back to the real IP on the router. But the router will know exactly what to do with this because we just set up a rule telling the router to forward any request that it gets on port 80 to the Cali machine. What I also want to do is set up a rule for port 80. This is the port that Apache, my web server, runs on. And I want to enable that so that I can download the backdoor from the target computer. So I’m going to add a rule for port 80. And again, this is going to be the same machine, the Kali machine. And we’re going to put port 80 here.
We’re going to save this rule. And this will allow me to download the backdoor because I placed the backdoor in Varw right here. So I’ll actually be able to access my web server in Kali and download the backdoor from outside the Internet. So I’m going to start my Apache web server. So this is actually just another example. You don’t really need to do this. You can just transfer the backdoor using USB or any other method, or send it by email. I’m just showing you another example of how port forwarding is used. Now, I’m going to go to a Windows machine, and that Windows machine is going to be connected to a completely different network, and we’re going to download the file from there. So here is my Windows machine. And if I go and check my IP, you’ll see that it has a different external public IP. So I’m just going to look for my IP. You’ll see that the IP here is completely different than the IP of this machine that we used. So these are two completely separate devices connected to different networks. And what I’m going to do now is access my Apache web server and download the backdoor.
And normally, without IP forwarding, you won’t be able to do that. And to access that, first, I’m going to get the IP of this machine again because I forgot it. And it’s 89, 101, 4, and 5189. And we referred to our backdoor as the backdoor. So I’m just going to type in backdoorexe, and we’re going to hit enter. It’s actually 189 here, not 89. And as you can see, I was able to download the backdoor. And this should actually tell you that IP forwarding has been set up correctly, because without it, I wouldn’t be able to access my web server and download the backdoor. So I’m actually accessing the web server incali as if it’s a normal website. You can, for example, host fake web pages, websites, and anything else you want right now on your Apache server. So I’m going to come in, I’m going to run the back door, and we’ll see if that will give me a reverse connection on my California machine, which is on a completely different network. And, as you can see, I received a reverse meterpreter shell, and the shell is coming from an external IP address into my internal IP address to the cali machine. And right now, I can control the target computer and perform all of the postconnection attacks.
