EmpireProject / Empire

Empire is a PowerShell and Python post-exploitation agent.
http://www.powershellempire.com/
BSD 3-Clause "New" or "Revised" License
7.39k stars, 2.81k forks

Works fine on LAN but not over internet #1295

PinkPantherX closed 5 years ago

PinkPantherX commented 5 years ago

Empire Version

2.5

OS Information (Linux flavor, Python version)

Attacker: Kali Linux
Target: Win10 & Win7

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

mr64bit commented 5 years ago

If your VPN is running on the Kali machine, you'll need to listen on the IP of that virtual adapter rather than the LAN IP. But unless you have a reason not to, listening on 0.0.0.0 is easier and works just the same.

Try running Empire with --debug 2 and make HTTP requests to your public IP:port from the target machine using curl or a browser, and see if you get a response.

mr64bit commented 5 years ago

Now I see another issue. In your second screenshot, you have CertPath specified, making this an HTTPS listener. You'll need to change your Host option to start with https://, and when you're testing in a browser you need to specify https:// as well.

mr64bit commented 5 years ago

You can do forwarding with iptables, but at this point it seems the packets aren't even reaching your machine (unless you enabled a local firewall on the Kali box). How are you forwarding traffic from the public IP through the VPN? That's where I'd start looking first.

mr64bit commented 5 years ago

Because your VPN is using private address space, you'll need to set up NAT masquerading as well if you haven't already.

On Sun, Jan 6, 2019, 04:59 PinkPantherX <notifications@github.com> wrote:

I thought that just opening port 443 on the VPN would be enough to forward traffic and that Empire would do the rest. My bad. I found some iptables rules for OpenVPN on GitHub and I set them up, but nothing seems to work yet. The firewall is not on. I think the proper forwarding is the problem.


generatorada commented 5 years ago

iptables -t nat -A PREROUTING -p tcp -d youip --dport 443 -j DNAT --to-destination 10.30.126.30:443

And ipforward 1

Check at 2ip.ru/check-port/?port=443