How to determine my actual external IP address through the Windows command line while on a VPN
Solution 1
First, check the local IP address! Make sure a public address is not assigned to the device.
If there is indeed a NAT, you would need to look at your routing table first.
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
Using that, you should see what routes exist on that computer. Most likely there will be a route going over a VPN (yours) and then other routes. What you are looking for is the default route: make sure it exists and then send traffic over it. If the default route is your VPN, then try to find a more specific route that leads you out of the network.
If you have a default route that is not your VPN, go to any server on which you can track the IP addresses that connected to it. This can be your server, which you try to ping, or you can try to access a webpage on your server.
Edit:
Adding a route in Windows:
route ADD *prefix* MASK *subnet* *gateway* METRIC *metric* IF *interface number*
route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 30
Although you can change the route using meterpreter:
route add *prefix* *subnet* *gateway*
route add 157.0.0.0 255.0.0.0 157.55.80.1
Source:
http://www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands#route
route /?
Solution 2
I generally use checkip.dyndns.org (216.146.39.70) to identify my external IP, via the command
curl -s checkip.dyndns.org
In your case all you have to do is add to the routing table a specific rule bypassing the VPN. So, suppose your local gateway is 10.1.1.254, all you have to say is
ip route add 216.146.39.70/32 via 10.1.1.254 dev eth0
Now, when your request "curl -s checkip.dyndns.org" leaves your PC, it will be routed through the local gateway, not the VPN, and the reply will disclose your true external IP.
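Why the /32 host route in Solution 2 takes precedence over a VPN default route, and how a routing table can be audited for such tunnel bypasses, shown as an added example that is not part of the original posts. The `route print -4` excerpt is constructed; the VPN gateway 10.8.0.1, VPN interface 10.8.0.6 and local interface 10.1.1.50 are assumed values.

```python
import ipaddress

# Constructed `route print -4` excerpt (assumed values): a VPN default route via
# 10.8.0.1 on interface 10.8.0.6, plus Solution 2's host route via 10.1.1.254.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.1        10.8.0.6      25
          0.0.0.0          0.0.0.0       10.1.1.254       10.1.1.50      50
         10.1.1.0    255.255.255.0          On-link       10.1.1.50     281
    216.146.39.70  255.255.255.255       10.1.1.254       10.1.1.50      26
"""

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or persistent-route row
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append((net, f[2], f[3], int(f[4])))
    return routes

def select_route(dest, routes):
    """Longest prefix wins; the lower metric breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def tunnel_bypasses(routes, vpn_iface):
    """Specific routes to public destinations that leave outside the VPN interface."""
    return [r for r in routes
            if r[0].prefixlen > 0 and r[2] != vpn_iface
            and r[0].is_global and not r[0].is_multicast]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dest in ("8.8.8.8", "216.146.39.70"):
        net, gw, iface, metric = select_route(dest, table)
        print(f"{dest:15} -> {net} via {gw} (interface {iface}, metric {metric})")
    for net, gw, iface, _ in tunnel_bypasses(table, vpn_iface="10.8.0.6"):
        print(f"bypasses tunnel: {net} via {gw} on {iface}")
```

On a VPN client that is meant to be full-tunnel, any row returned by `tunnel_bypasses` is a destination whose traffic exposes the machine's real external address.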
Updated on September 18, 2022
Comments
-
bigbluedragon over 1 year
This question is a doozy, but is something I am trying to figure out for a simulation penetration test. Maybe I'm going the wrong way about it, and maybe I should post this in another forum, but given what I'm actually asking it felt appropriate here.
I am able to remotely connect to another computer, and access a Windows command prompt. The other computer is behind a VPN. Using only the tools I have at my disposal (that is, a reverse connected meterpreter) how can I find out the TRUE external IP address of the remote machine?
I am thinking I will need to hit an external site (like ipchicken.com) or even just pull down an external webpage (since I have the server logs to that server) via the command line, while forcing it to NOT go through the VPN.
Any help would be appreciated!
-
bigbluedragon over 10 years
Yes, that would work on Linux. Is there a Windows command to do something similar?
-
prateek61 over 10 years
This one is great! Although, I would add that you should probably use the IP address in the curl so as to limit network traffic. @TeddJohnson if you have a meterpreter session why wouldn't you just upload curl to the computer and then modify the routing table?
-
bigbluedragon over 10 years
What is the command to use a different route on Windows?
-
bigbluedragon over 10 years
I will give it a shot in meterpreter, this would be a fantastic solution as long as it works!
-
prateek61 over 10 years
@TeddJohnson, updated. Also, I would look at: offensive-security.com/metasploit-unleashed/… for uploading a file.
-
MariusMatutiae over 10 years
@TeddJohnson In Windows the same command would be
route add 216.146.39.70 mask 255.255.255.255 10.1.1.254
-
MariusMatutiae over 10 years
@prateek good point about using the IP number rather than the full URL. The DNS request would go through the VPN. I am not used to working in hostile environments.