Thread: Metasploit framework 3 problem

  1. #1
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    I try to exploit a vulnerable computer (I know that it is vulnerable) because it's my own computer, and just every exploit that I use returns the same thing

    msf exploit(ms06_066_nwapi) > exploit
    [*] Connecting to the SMB service...
    [*] Started bind handler
    [*] Binding to e67ab081-9844-3521-9d32-834f038001c0:1.0@ncacn_np:192.168.1.3[\srvsvc] ...
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)

    But I don't get this just with that exploit but with all other exploits too.
    Any tips?

    Tr00G33k

  2. #2
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    2

    Your exploit isn't the right one for the version of Windows by the look of it. How are you so sure that it's exploitable? Have you checked that the particular exploit you have picked doesn't need to be modified for the victim machine, i.e. language etc.? Can you even connect to the machine from BackTrack?

  3. #3
    Just burned his ISO
    Join Date
    May 2008
    Posts
    7

    Use the show targets command to make sure you have the right platform selected.

    Also make sure your firewall is turned off.

  4. #4
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    I know I have installed SP2 on my machine and this exploit is for SP2 Windows XP, and yes, it's reachable from my computer; I have a server on the computer too.

    bt ~ # ping 192.168.1.3
    PING 192.168.1.3 (192.168.1.3) 56(84) bytes of data.
    64 bytes from 192.168.1.3: icmp_seq=1 ttl=128 time=2.18 ms
    64 bytes from 192.168.1.3: icmp_seq=2 ttl=128 time=0.161 ms
    64 bytes from 192.168.1.3: icmp_seq=3 ttl=128 time=0.167 ms
    64 bytes from 192.168.1.3: icmp_seq=4 ttl=128 time=0.181 ms
    64 bytes from 192.168.1.3: icmp_seq=5 ttl=128 time=0.180 ms
    64 bytes from 192.168.1.3: icmp_seq=6 ttl=128 time=0.155 ms

    And if I try to exploit any other computer (I have connected a laptop with XP SP1 to the network), no exploit worked for that computer either, but a few weeks ago I tried to exploit it with MSF3 and Windows XP and it worked. I really don't know what could be wrong. Is it possible that the router is blocking the traffic? But all computers are in the same network, and this once already worked. Any other tips?

    Tr00G33k

  5. #5
    Senior Member BigMac's Avatar
    Join Date
    Jan 2008
    Posts
    213

    Are you using BackTrack? Just try the autopwn or mass client attack, then check your sessions -l -v to see what exploit was used to gain the shell, if even a shell was launched...

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by Tr00g33k
    I know I have installed SP2 on my machine and this exploit is for SP2 Windows XP, and yes, it's reachable from my computer; I have a server on the computer too.
    Reachable yes, but have you turned off the Windows firewall that comes enabled by default in Windows XP SP2? And as ReeFlexx said, have you checked that the exploit you use is for the same language as the Windows running on the target machine? It might be that you have to configure the actual exploit in order for it to work for the victim.
    -Monkeys are like nature's humans.

  7. #7
    Junior Member Tr00g33k's Avatar
    Join Date
    Jul 2008
    Posts
    46

    If I use autopwn

    msf > db_nmap 192.168.1.3
    [*] exec: "/usr/local/bin/nmap" "192.168.1.3" "-oX" "/tmp/dbnmap.12514.0"
    NMAP:
    NMAP: Starting Nmap 4.60 ( nmap.org ) at 2008-07-24 01:58 GMT
    NMAP: Interesting ports on 192.168.1.3:
    NMAP: Not shown: 1710 closed ports
    NMAP: PORT STATE SERVICE
    NMAP: 80/tcp open http
    NMAP: 135/tcp open msrpc
    NMAP: 139/tcp open netbios-ssn
    NMAP: 443/tcp open https
    NMAP: 445/tcp open microsoft-ds
    NMAP: MAC Address: 00:0C:6E:01:25:C6 (Asustek Computer)
    NMAP:
    NMAP: Nmap done: 1 IP address (1 host up) scanned in 2.535 seconds
    msf > db_autopwn servicess
    msf >

    And if I use mass client attack and Internet Explorer, it works;
    it opens a shell: Id 1 Description Command shell Tunnel 192.168.1.2:59036 -> 192.168.1.3:4444 via windows/browser/ani_loadimage_chunksize

    On the computer 192.168.1.3 I am asked by the firewall if I allow Internet Explorer to connect, but if we use the exploit metafile overflow, it worked without the firewall asking me for a connection (but this was a few weeks ago), and I was testing it from Windows XP to Windows XP.

    OK, then I have another question: which exploits exactly does the Fast-Track mass client attack use (only for browser)? (I'm sorry if this is such a n00b question.) Or does it try the exploit that I used (ms06_066_nwapi) too?

    And yes, I have stopped the firewall and my Windows XP is (English), but I'm not sure how to check if the exploit is the right language?


    Tr00G33k

  8. #8

    Have you enabled the NetWare client? That isn't enabled by default.

  9. #9
    Junior Member 0tt0v0nc4t's Avatar
    Join Date
    Mar 2008
    Posts
    69

    I'm not sure which exploits Fast-Track uses, but if you can spawn shells with autopwn, you use the -v switch with sessions -l to view what exploit spawned the shell.

    Just run autopwn and when you get your shell type
    Code:
    sessions -l -v
    After you know exactly what is getting your shell you can open up the msf console and try to configure the options and launch the exploit yourself.
