Anyone familiar with Metasploit's ani_loadimage_chunksize?
Ok, first of all, before I get n00b spammed, I don't usually ask for help and I'm known to search google for hours trying to find an answer. Second, I'm sorry if this is the wrong forum. Now to my problem, I'm using metasploit framework 3.2 and I'm trying to use the ani_loadimage_chunksize exploit. It seems compatible with the target PC I'm testing, but I'm having problems with the settings. I've got MAILTO, MAILSUBJECT and MAILFROM all set up, but I'm a little confused with the RHOST and RPORT settings... At first, I figured it is supposed to be the local IP (192.168.1.15) and I kept the port at the default 25, but this was the response:
01:11:41 - ani_loadimage_chunksize[*] Started reverse handler
01:12:11 - ani_loadimage_chunksize[*] Connecting to SMTP server 192.168.1.15:25...
01:12:12 - ani_loadimage_chunksize [-] Exploit failed: The connection was refused by the remote host (192.168.1.15:25).
When that didn't work, I tried many combinations including my external IP (68.63.?.?) and changed the port to every port Outlook uses (25, 587, 110) but it's the same every time...
Is anyone here familiar with this exploit, and if so, what settings have you been sucessful with?
RE: Anyone familiar with Metasploit's ani_loadimage_chunksize?
You will want to set the RHOST to an MTA. For example, if I want to send this exploit to user@companyA.com, and they have an mx for that domain (mail.companya.com), then I will specify that host as the RHOST. I believe that you can specify an open SMTP relay as well, such as your ISP's mail relay. Also, in order for them to connect back to you, you will either need to place your box on the Internet or behind a firewall with a destination NAT pointed back to your box. Otherwise, the victim will not be able to comm back to you.