How to determine my actual external IP address through the windows command line while on a VPN


Solution 1

First, check the local IP address! Make sure a public address is not assigned to the device.

If there is indeed a NAT, you would need to look at your routing table first.

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0

Using that, you should see what routes exist on that computer. Most likely there will be a route going over a VPN (yours) and then other routes. What you are looking for is the default route: make sure it exists and then send traffic over it. If the default route is your VPN, then try to find a more specific route that leads you out of the network.

If you have a default route that is not your VPN, go to any server on which you can track the IP addresses that connect to it. This can be your own server, which you try to ping or on which you try to access a webpage.

Edit:

Adding a route in Windows:

route ADD *prefix* MASK *subnet* *gateway* METRIC *metric* IF *interface number*
route ADD 157.0.0.0 MASK 255.0.0.0  157.55.80.1 METRIC 30

Although you can change the route using meterpreter:

route add *prefix* *subnet* *gateway*
route add 157.0.0.0 255.0.0.0 157.55.80.1

Source:

http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#route

route /?

Solution 2

I generally use checkip.dyndns.org (216.146.39.70) to identify my external IP, via the command:

curl -s checkip.dyndns.org

In your case all you have to do is add to the routing table a specific rule bypassing the VPN. So, suppose your local gateway is 10.1.1.254, all you have to say is

ip route add  216.146.39.70/32 via 10.1.1.254 dev eth0

Now, when your request "curl -s checkip.dyndns.org" leaves your PC, it will be routed thru the local gateway, not the VPN, and the reply will disclose your true external IP.
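
Why the /32 host route from Solution 2 wins even when the VPN owns the default route, and how the same table can be audited for routes that leave outside the tunnel. This is an added example, not code from either answer; the VPN interface tun0, its gateway 10.8.0.1 and the VPN endpoint 203.0.113.10 are constructed assumptions, while 216.146.39.70 and 10.1.1.254 come from the answer.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: Optional[str]  # None means directly connected (on-link)
    iface: str
    metric: int

# Constructed routing table: prefix, gateway ("-" = on-link), interface, metric.
# tun0, 10.8.0.1 and 203.0.113.10 are assumptions; the last row is the host
# route from Solution 2.
SAMPLE = """
0.0.0.0/0         10.8.0.1    tun0  10
10.8.0.0/24       -           tun0  0
10.1.1.0/24       -           eth0  0
203.0.113.10/32   10.1.1.254  eth0  0
216.146.39.70/32  10.1.1.254  eth0  0
"""

def parse(table):
    routes = []
    for line in table.strip().splitlines():
        prefix, gw, iface, metric = line.split()
        routes.append(Route(ipaddress.ip_network(prefix),
                            None if gw == "-" else gw, iface, int(metric)))
    return routes

def select_route(routes, dest):
    """Longest-prefix match; a lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r.prefix]
    return max(hits, key=lambda r: (r.prefix.prefixlen, -r.metric), default=None)

def vpn_bypass_routes(routes, vpn_iface, allowed=()):
    """Gatewayed routes that leave through a non-VPN interface and are not
    on the allow-list (the VPN endpoint itself must stay reachable off-tunnel)."""
    return [r for r in routes
            if r.gateway and r.iface != vpn_iface and str(r.prefix) not in allowed]

ROUTES = parse(SAMPLE)

if __name__ == "__main__":
    for dest in ("216.146.39.70", "216.146.39.71", "10.8.0.1"):
        r = select_route(ROUTES, dest)
        print(f"{dest:15} -> {r.iface} via {r.gateway or 'on-link'}")
    for r in vpn_bypass_routes(ROUTES, "tun0", allowed={"203.0.113.10/32"}):
        print("unexpected off-tunnel route:", r.prefix, "via", r.gateway)
```

Only the exact address 216.146.39.70 leaves through eth0; its neighbour 216.146.39.71 and the tunnel-side address 10.8.0.1 still follow the tunnel.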

Author by

bigbluedragon

6 years of SysAdmin and Network experience. Psychology major in college. I'm a very personable geek who can fit in anywhere that I feel is worth it.

Updated on September 18, 2022

Comments

  • bigbluedragon
    bigbluedragon over 1 year

    This question is a doozy, but is something I am trying to figure out for a simulation penetration test. Maybe I'm going the wrong way about it, and maybe I should post this in another forum, but given what I'm actually asking it felt appropriate here.

    I am able to remotely connect to another computer, and access a windows command prompt. The other computer is behind a VPN. Using only the tools I have at my disposal (that is, a reverse connected meterpreter) how can I find out the TRUE external IP address of the remote machine?

    I am thinking I will need to hit an external site (like ipchicken.com) or even just pull down an external webpage (since I have the server logs to that server) via the command line, while forcing it to NOT go through the VPN.

    Any help would be appreciated!

  • bigbluedragon
    bigbluedragon over 10 years
    Yes, that would work on Linux. Is there a Windows command to do something similar?
  • prateek61
    prateek61 over 10 years
    This one is great! Although, I would add that you should probably use the IP address in the curl so as to limit network traffic. @TeddJohnson if you have a meterpreter session why wouldn't you just upload curl to the computer and then modify the routing table?
  • bigbluedragon
    bigbluedragon over 10 years
    What is the command to use a different route on Windows?
  • bigbluedragon
    bigbluedragon over 10 years
    I will give it a shot in meterpreter, this would be a fantastic solution as long as it works!
  • prateek61
    prateek61 over 10 years
    @TeddJohnson, updated. Also, I would look at: offensive-security.com/metasploit-unleashed/… for uploading a file.
  • MariusMatutiae
    MariusMatutiae over 10 years
    @TeddJohson In Windows the same command would be route add 216.146.39.70 mask 255.255.255.255 10.1.1.254
  • MariusMatutiae
    MariusMatutiae over 10 years
    @prateek good point about using the IP number rather than the full URL. The DNS request would go thru the VPN. I am not used to working in hostile environments.