Results 1 to 5 of 5

Thread: MEATASPLOIT shell closes???

  1. #1
    Junior Member imported_fridash's Avatar
    Join Date
    Dec 2008
    Posts
    51

    Default MEATASPLOIT shell closes???

    hello to all friends !!

    i recently started to learn how metasploit works ,,,,

    and have been trying to set up some attacks in my lab on my xp box ,

    i am running bt3 currently, on my xp box in vmware , when i try to configure attacks ( smb ,ms - ) i can get to the point when it tells me i got SHELL

    but when i try to invoke it by sessions -i 1

    it wont open and collapse

    Active sessions
    ===============

    Id Description Tunnel
    -- ----------- ------
    2 Command shell xx.xxx.xxx.xx:55357 -> xx.xxx.xxx.xx:4444
    3 Command shell xx.xxx.xxx.xx:54568 ->xx.xxx.xxx.xx:4444

    msf exploit(ms06_066_nwwks) > sessions -i 3
    Starting interaction with 3...

    [*] Command shell session 3 closed.
    msf exploit(ms06_066_nwwks) > show options




    no xx.xxx.xxx.xx is my ip , but what the hell is xx.xxx.xxx.xx is this the vmware interface ?

    is it set wrong ??

  2. #2
    Senior Member secure_it's Avatar
    Join Date
    Feb 2010
    Location
    在這兩者之間 BackTrack是4 FwdTrack4
    Posts
    854

    Default

    dude you are testing exploit on the public-side interface which is connected to internet.have you got static IP for yourself?and if not then this is dynamically assign IP and is in actual your internet faced router's IP and I am not sure but there may be chances that router is blocking this connection and blocking port 4444 response.I would like to recommend you to use private IP which is assigned to one of vmware virtual NIC in host machine.test on that IP.I assume you are using windows/meterpreter/bind_tcp & you have used command execute -f cmd -c already.if yes then use ps & it should show running processes.there are already 2 sessions active.you can close one as you have executed exploit more then once,use interact <ID> or sessions -i <ID> and yes that IP is vmware DHCP's assigned IP to your BT3 NIC interface.also don't put real public IP address on forum.there is no such need.instead use xx format.if you have just started learning metasploit then learn about VA first as launching a exploit may leads to DoS attack.

  3. #3
    Junior Member imported_fridash's Avatar
    Join Date
    Dec 2008
    Posts
    51

    Default

    thank SECURE -IT !!

    thanks for taking the time to help but still i dont get a few things :

    if the exploit is done whay cant i open the shell ?
    i dont have a private ip i use a cable connection at my home box (ip dynamic)if its my routers ip
    what ip then should i put as the RHOST ? (my box is xp ) how can i get from the vm to my box ?
    "".I would like to recommend you to use private IP which is assigned to one of vmware virtual NIC in host machine.test on that IP""
    what do you mean by that ? how can i know its ip ?(ipconfig?)

    if i take my laptop and lounch the attack wirelessly will i have more luck ?


    You have used command execute -f cmd -c already. what are those ? i dident use them ????


    thanks

  4. #4
    Just burned his ISO CM4r5h's Avatar
    Join Date
    Sep 2008
    Posts
    3

    Default Private network

    There is an option in vmware server that will allow your vm to share a private network with your local machine. There is also a bt3 vm that you can download and install. Then you could have both machines in their own virtual network.(How I do it.) The reason why the attack may not be working is because you are passing through a firewall. The service you are exploiting may have an open port but the port for your new shell may be closed. You could solve this by opening the port on your firewall or possibly by using netcat and a connect back shell. You can also use nmap to determine if the firewall is blocking your request on port 4444. I would also recommend turning the windows firewall off for testing purposes. Hope this helps.

  5. #5
    Junior Member imported_fridash's Avatar
    Join Date
    Dec 2008
    Posts
    51

    Default

    ok thanks will try thanks CM4r5h's

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •