Metasploit shell closes???
Hello to all friends!!
I recently started to learn how Metasploit works,
and have been trying to set up some attacks in my lab on my XP box.
I am running BT3 currently, on my XP box in VMware. When I try to configure attacks (smb, ms-) I can get to the point when it tells me I got SHELL,
but when I try to invoke it by sessions -i 1
it won't open and collapses.
Id Description Tunnel
-- ----------- ------
2 Command shell xx.xxx.xxx.xx:55357 -> xx.xxx.xxx.xx:4444
3 Command shell xx.xxx.xxx.xx:54568 ->xx.xxx.xxx.xx:4444
msf exploit(ms06_066_nwwks) > sessions -i 3
Starting interaction with 3...
[*] Command shell session 3 closed.
msf exploit(ms06_066_nwwks) > show options
No, xx.xxx.xxx.xx is my IP, but what the hell is xx.xxx.xxx.xx? Is this the VMware interface?
Is it set wrong??
Dude, you are testing the exploit on the public-side interface, which is connected to the internet. Have you got a static IP for yourself? If not, then this is a dynamically assigned IP and is actually your internet-facing router's IP, and I am not sure, but there may be chances that the router is blocking this connection and blocking the port 4444 response. I would like to recommend you to use the private IP which is assigned to one of the VMware virtual NICs in the host machine. Test on that IP. I assume you are using windows/meterpreter/bind_tcp and you have used the command execute -f cmd -c already. If yes, then use ps and it should show running processes. There are already 2 sessions active. You can close one, as you have executed the exploit more than once; use interact <ID> or sessions -i <ID>. And yes, that IP is the VMware DHCP-assigned IP of your BT3 NIC interface. Also, don't put a real public IP address on the forum. There is no such need. Instead use the xx format. If you have just started learning Metasploit, then learn about VA first, as launching an exploit may lead to a DoS attack.
Thanks, SECURE-IT!!
Thanks for taking the time to help, but I still don't get a few things:
If the exploit is done, why can't I open the shell?
I don't have a private IP. I use a cable connection at my home box (dynamic IP). If it's my router's IP,
what IP should I then put as the RHOST? (My box is XP.) How can I get from the VM to my box?
"I would like to recommend you to use private IP which is assigned to one of vmware virtual NIC in host machine. Test on that IP."
What do you mean by that? How can I know its IP? (ipconfig?)
If I take my laptop and launch the attack wirelessly, will I have more luck?
"You have used command execute -f cmd -c already." What are those? I didn't use them????
There is an option in VMware Server that will allow your VM to share a private network with your local machine. There is also a BT3 VM that you can download and install. Then you could have both machines in their own virtual network. (How I do it.) The reason why the attack may not be working is because you are passing through a firewall. The service you are exploiting may have an open port, but the port for your new shell may be closed. You could solve this by opening the port on your firewall or possibly by using netcat and a connect-back shell. You can also use nmap to determine if the firewall is blocking your request on port 4444. I would also recommend turning the Windows firewall off for testing purposes. Hope this helps.
OK, thanks, will try. Thanks, CM4r5h's.
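
Added example, not part of any post in this thread: a Python check that reads a session table in the layout quoted above and flags tunnel endpoints that are not RFC 1918 addresses on the lab's host-only subnet, which is the isolated setup the replies recommend. The sample table, its addresses and the 192.168.56.0/24 subnet are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the layout of the session table quoted in the thread;
# the addresses are made up (the thread's own are masked as xx.xxx.xxx.xx).
SAMPLE = """\
Id Description Tunnel
-- ----------- ------
2 Command shell 192.168.56.10:55357 -> 192.168.56.20:4444
3 Command shell 203.0.113.7:54568 ->192.168.56.20:4444
"""

# RFC 1918 ranges listed explicitly; ipaddress.is_private also accepts
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
TUNNEL = re.compile(r"^\s*(\d+)\s+.*?" + IPV4 + r":\d+\s*->\s*" + IPV4 + r":\d+\s*$")


def check_sessions(table, lab_net="192.168.56.0/24"):
    """Return {session_id: [problems]} for every tunnel row in the table.

    lab_net is an assumed host-only subnet; substitute your own lab range.
    """
    net = ipaddress.ip_network(lab_net)
    report = {}
    for line in table.splitlines():
        m = TUNNEL.match(line)
        if not m:
            continue  # header, separator or unrelated console output
        problems = []
        for label, raw in (("local", m.group(2)), ("remote", m.group(3))):
            addr = ipaddress.ip_address(raw)
            if not any(addr in n for n in RFC1918):
                problems.append(f"{label} {addr} is not an RFC 1918 private address")
            elif addr not in net:
                problems.append(f"{label} {addr} is outside lab subnet {net}")
        report[int(m.group(1))] = problems
    return report


if __name__ == "__main__":
    for sid, problems in check_sessions(SAMPLE).items():
        print(sid, "OK" if not problems else "; ".join(problems))
```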