Greetings and initiate video presentation, we're going to see how I go about conducting an attack across the land, or the internet. The biggest question I get asked most often is, how do we attack a machine remotely? That is not on our local area network? How do I get my exploit to go over across the internet and find the machine and exploit it and have that information, come back to my machine halfway around the world. And that's what we're going to do in this short video presentation. I can appreciate everybody wanting to be a pen tester or a hacker white hat, black hat, gray hat.

And that's all good. And well, the problem is, we put the cart before the horse and we forget about our basic networking fundamentals, such as IP addressing, such as how do we configure port forwarding, and how do we can use Indicate across a network what regardless whether it's our local area network or if it's the land. So this applies to any type of exploit you want to conduct, whether it's through meta sploit, whether it's through beef, whether it's through some type of other exploitation application, it doesn't make any difference. It's the fundamentals, they remain the same. How do I connect? Or how do I attack a remote host from my local area network?

Now the problem with exploiting modern operating systems such as Windows 810, or even windows seven, is that they're much more secure than Windows XP ever was. But it can be done. But the problem is we have to do a little social networking. And we have to use applications where we interject a website or we interject interject some type of program that the end user regardless of where they're at, has to initiate So if I send him an email with a hook, and of course, we're going to call it we're going to call it the hook, because I'm actually going to incorporate this presentation inside of a beef presentation that I'm going to do later on. Alright, so beef is the browser exploit framework that is used up inside of Cali. All right, it's a great program, we can use it to configure an attack on a browser, and a user can initiate that attack, and then information comes back to us and we get what's called a reverse shell.

In that vein, it doesn't make any difference. If I'm using beef, or I'm using Metasploit, or some other type of hacking suite. It doesn't make any difference. The fundamentals remain the same. So let's go over this real quick. So one, you got to find out what your public IP addresses.

Now this doesn't mean that you're going to use your public IP. It means you have to know how to discover it. I gotta warn you that if you're attacking A remote host. Let's say it's a bank. Let's say that you're going after the NSA website, let's say that you're going after ISIS. Let's say that you're just going after some organization out there and you want to bring them down, and you want to attack them.

And you're going to do this by getting them to participate in the attack by launching through a web browser, the infection or the malware. Well, the problem with that is, is that you're going to leave little pieces of breadcrumbs all across the internet, letting them trace that attack right back to you if you use your default IP address. Now, in previous modules we talked about and you serve, we've talked about Tor and proxy chains we talked about using the VPN. And this is where that comes into play. You want to make sure that you are as anonymous as you possibly can be before you start initiating this attack across the land or somebody's going to come knocking on your door. So we're going to find out what our public IP address is once we have a VPN, or an answer or tour and proxy change enabled.

Once I've done that, I have to go over to my modem. Now my modem is from the ISP and it could be a cable modem, it could be a DSL modem, however it is that your internet provider provides you with internet access. That is the device all ISP and internet providers do a little thing called TCP IP Port 40. From the internet, from the when interface through their modem, whether it be DSL or if it's a cable modem, or it might be a router if it's an organization. That device is configured to forward all 65,535 ports or services over to the next hop. Now what you do with it.

After that is completely up to you. But this, this is also called your demark. And this is where the responsibility of the ISP or the internet provider ends. So we have no trouble sending out a web mail or some type of package and having it come back to our IP address. The problem is the machine the device, whether it's the modem or whatever it is, does not know what to do with it. It has to have directions, it has to be told that, hey, if I get an HTTP request from the internet, send it over to my Cali machine.

We've discovered IP address now we have to enable or forward all of the HTTP and www request over to our Apache web server using the outside or the when IP address that we discovered. Now everybody's got a different accent. router. I don't care if it's a Linksys or Netgear, whatever it is, it's a combination of three different devices. Usually it's got a firewall. It's got a built in switch.

It's got routing capability. Usually it's all done through some type of management console or interface, this device, this wireless access point, or this router, or whatever we have, where we plug in our laptop or desktop, whether we connect through a wire or we connect your wireless it makes no difference when we connect. It's all the same. TCP IP does not change just because you're using a wireless or a wire to connect. This device is usually referred to as a layer three switch. Now what's what is that?

Well, a layer three switches, nothing more than a router with a switch built into it. And if you look on the back of your Cisco Linksys or your Netgear access point Your wireless router, you will see ports that you can plug in an RJ 45 adapter, that's the switch portion, we refer to this as a layer three switch is basically just a combination of a switch and a router combined together every home router, layer three switch, whatever you want to call it comes with a CD or DVD that contains some software. Because you're going to access this device one of two ways to enable port forwarding, you're either going to use the software to access it, or you're going to use a browser to access it. They both work pretty much the same way. So this device that we call a layer three switch or this access point, your wireless router also has a web page built into it that you can access via a browser.

So I'm going to bring up my browser here real quick. And you'll see that I'm going to show you how to get on board have a very common Very popular commercial lynxes, wr t 61, zero and a router. All right, that tells you here just exactly how to do it. It tells you that the default address or the default gateway is 192 dot 168 dot one dot one on this changes, this changes from every manufacturer. Some of them are going to use 192 dot 168 dot zero dot one. Some of them will use a different IP address, it might be 0254.

They all use a different IP address, but it's all the same method for connecting to the web interface of the device. So how can you find it? Well, if you open up a command prompt onto your host machine, you can then do IP config. And you can look for the default gateway that's gone to be the address for that web interface. On your default router, your layer three switch your wireless Access Point, whatever it is you have put on to your network to allow multiple devices to connect to the internet. So I've opened up refresh tab, and I've just gone up to my address bar, and I've typed in the IP address from my default gateway.

I hit Enter, and it comes back and gives me the log on page. every device has a default username and password and you can find yours if you don't have it by just going to the internet and doing a search for it. So by default, just like your modem, a access point a wireless router, or whatever it is that you're using to allow connectivity to your internet provider allows port forwarding as well. So if you want HTTP or you want www traffic to go to your Cali machine, you've got to tell it. You're saying basically this if I get a request to access my web server on Cali send that request to this internal IP address, whether it be 192 dot 168, dot one dot 135 145, whatever it is. That's all you're doing.

And you can go over here and now we're back up inside of the Linksys here, they make it pretty darn easy for you, you can go over here and get the application name such as www or HTTP. And you can go in and you can add to have it done for you automatically just check the box. That's all you got to do is check the box and then any request that comes from the internet over to your outside IP address. That is for accessing a web server will be sent over to your Cali machine. Let's take a look at it. Now the next configuration change we have to make is we have to make sure that our Cali machine is on the same network as our default gateway.

Server default gateway is using a network IP of 192 dot 168 dot zero Row, then we have to make sure that Cali is assigned to the same network, a 192 dot 168 dot zero and you can assign any available IP address from that block. So if you want to assign an IP address that is to say the host portion of 3233, as long as not being used by any other device on the network, you won't have a conflict. Now you do this so that when the request comes back to that access point, where you have port forwarding enabled, that request will be able to be sent over to the correct IP address of the machine that is hosting your Apache web server. Now to get your VirtualBox or your VMware onto the same network, as your access point, or your host machine, you have to go into the services.

So you just go to start, type in services and the search bar and that brings up the services here you're going to scroll on down to To find either VirtualBox or VMware DHCP service, just double click it, and then you're going to stop it. So once you've got your emulators DHCP service disabled, you're probably going to want to use the DHCP service that is being used by your host machines. So as you can pick up another IP address. To do this, just go on up to your settings, whether it's VirtualBox or VMware, it makes no difference. Go into the network adapter and change it over to bridge. This puts you on the same network as your host machine.

You say, okay, you're out, you're done. Now, you're going to be picking up an IP address from the DHCP server that is running on that access point, whether it be your Linksys router, whatever it is, and you'll be able to find out what that IP address is by typing in if config inside of your terminal prompt. And that will bring back the current IP address you're receiving from your new DHCP server. And then you can go ahead and statically configure it to your network adapter. Why don't we statically configure the IP address that was assigned to us using DHCP. So that our local area IP does not change.

Because once we configure the port forwarding, we don't want to have to go back in or every time the IP might change, because we got a new IP address from our DHCP server. So just take that IP address and assign it statically to your interface. So I've enabled the port forwarding on to my access point, my wireless router. I've done all the fun stuff. So listen, gentlemen, over here, my target victim, when he opens up that malware or that fake web page and he clicks on that link, and he launches that hook that's going to travel over to the internet. It's going to come down here, it's going to hit my access point is going to be forwarded over to my Cali or to my Apache server and I will be notified up inside of the beat Management Console, that we are now connected.

So that's no different than doing it on the LAN, it's just a little bit more convolution that you're going to have to go through to make it work. So the first thing you're going to do is you're going to make sure that you turn on an on sir, or tour with proxy chains or VPN doesn't make any difference how you do it. Just make sure you use anonymity to hide yourself. Don't use your real IP address, right now. I don't have a VPN enabled. I'm not there yet.

So if I open up a web browser, and in this web browser, I'm just going to type in what is my IP comm? It's going to come back and it's going to tell me what my ISP is IP addresses. Now I'm currently living in the Philippines. So this is the IP address that is assigned to me by my provider. I'm going to go ahead and use an on sir. I'm gonna go ahead and start today.

Service in just a moment service will start. So what is my IP works great as long as you're not using a VPN or some type of anonymity service, so I'm going to go ahead and use my good old standby DuckDuckGo. And I'm going to type in test DNS leak. And just a moment, we'll come back up and we'll take the first option that is given to us and the results that are returned. So this is my new outside IP address. And I've been seeing from Russia.

So when I go inside of V, or meta sploit, or whatever it is, and I have to tell it, what the IP address is for my Cali server, or my web server on my Apache are where to send that return information to. This is the IP address I'm going to use. Now if you change your IP address, then you must go inside of the application and reconfigure the information for your IP address. Yes, that is pointing to your outside wendling so in this short video presentation we got to see about how we go and configure our local area network devices to allow LAN traffic and allow us to attack a target across the internet. If you have any questions or you have any concerns, please don't hesitate to reach out and contact your instructor and I'll see you in my next video.