Metasploit over tor

Greetings everyone,

This has probably been asked a thousand times before…
How to run an exploit remotely (not over wan) over the tor service?
I know you can’t reverse connect and can only use a bind payload. I am able to pop a few command shells and even part of a meterpreter shell but I don’t think the entire payload has been loaded on the remote system because I only have limited meterpreter commands.

Any ideas? Is this possible?


1 Like

You have to be more specific.
Who is the target?
The exit relay?
The 2 first relays?
The onion network database?

In 2015 the FBI uploaded a malicious into an onion site and retrieved MANY IPs. Tor fixed this vulnerability with selfrando.
But if you want to upload an exploit into a relay, then I suppose you cannot because their only job is to encrypt and decrypt the data you send. So if you send an exploit, they just encrypt the file… They do not execute it.

1 Like

There are many ways of approaching this; one way of doing it is by using a proxy, a gateway, etc.


I’m not asking about trying to exploit a tor node. Just send an through the tor service to another remote address.

Is this possible?

Not doing anything illegal just asking for a friend :wink:

Oh, then I suppose you can.
If you can do it without tor, then you can do it with tor.

But I do not think it’s a very good idea.
I think that there will be some leaks if your friend has not made his router work with Tor.

1 Like

So then, in your opinion, what is the best way to launch Metasploit attacks remotely (not over WAN) anonymized?

As Alexis says, you can use proxychains etc. to do this job.

1 Like

In my opinion you can choose one of those scenarios:

  1. You have a Pi mini PC that keeps no logs and via it you can attack other computers in the network.

  2. Another one is if you have access to the router options, you can open a port and take a laptop or whatever and you connect to other free wifi and connect to your router via Tor in the open port and you upload a routersploit and do your job.

  3. If the victim’s PC is connected via ethernet, then you can do something like a MiTM attack (if the router is switched, use a method like turtle) if you want to retrieve information, or some similar ways to control his internet direction to redirect him to a place that you want (like a page to download a file, cookie virus etc.) and do your job.

  4. If you upload an exploit to the victim’s computer, you can make it take orders via a private net and it can upload files etc. to this net or another one (like anonfile) via the victim’s computer. That means he sees that he is an attacker and a victim at the same time.

  5. If the router keeps no logs, then the only threat you have is the local IP that the router gives you (192.168.XX.XX) for your identity.
    So the simplest is to attack the computer normally and then handbrake router (for extra security) and restart your device to take a new IP and boom!

1 Like

service tor start
proxychains msfconsole

That should be able to send exploits over the Tor network to the target's machine?

What about anonsurf in parrot os? Is this capable of running metasploit through?
I seem to be able to spawn shells in anonsurf but the connection drops out
Also I am aware that you can only send tcp bind payloads etc… obviously not reverse connections (because your LHOST is *anonymized)

By the way, thanks guys for your replies so far.

There is a course on Udemy by the name Learn ethical hacking from professional; there it has been discussed in brief…

Well you can set tor proxies then try
proxychains msfconsole .