Thread: Karmetasploit HTTP redirect Not Working (Ports 445 and 139 Blocked!?)

  1. #1
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Hello everyone. I've gotten everything for karmetasploit set up, running on a Ubiquiti Atheros card. Everything is working fine except for port 80 redirecting (yes, /proc/sys/net/ipv4/ipv4_forward is set to 1), in this case the error coming from ports 139 and 445 being blocked on the target machine (Vista SP1 IE 8):

    (had to mark out "h**p" because of the forum rules)
    [*] H REQUEST 10.0.0.100 > yahoo:80Yahoo! GET / Windows IE 8.0 cookies=B=0hb5ab5359c9i&b=4&d=pxyvJL5pYELrtNbL9mYP .EFvXQndd9S0CfBKBQ--&s=56; SO=v=0.4&t=1303651226; YLS=v=1&p=0&n=0; F=a=dW5HnH4MvT42zkB6DQxmCFGetMOZBIRFflG5_T_ivyMxQG gd0f.1EYJngvVvqoeTWxgCqNnyAWXTPdROSsO._FlQaG1D70PM CYvJCV056Vywss3RxXIQd4Cnz6_6hkw-&b=oBHH; C=mg=1; Q=q1=AACAAAAAAAAAAA--&q2=SNVWog--; __qca=1221344785-77341801-58904131; YSC=0; U=mt=gZQwvZ2MhYl0yMWlOcvu3Q5lWxfWjhjtOtSuuqg-&ux=BXd6JB&un=9kg9lqian9812; CP=v=70204&br=i&pc=hptb&tguid=098b16c098246470c675 92eca441d70c&optclk=0; PH=fn=k31J6lLy0JDJMDGp8HA-&l=en-US; FPS=dl; FPMY=1
    [*] H REQUEST 10.0.0.100 > yahoo:80 GET / Windows IE 8.0 cookies=B=0hb5ab5359c9i&b=4&d=pxyvJL5pYELrtNbL9mYP .EFvXQndd9S0CfBKBQ--&s=56; SO=v=0.4&t=1303651226; YLS=v=1&p=0&n=0; F=a=dW5HnH4MvT42zkB6DQxmCFGetMOZBIRFflG5_T_ivyMxQG gd0f.1EYJngvVvqoeTWxgCqNnyAWXTPdROSsO._FlQaG1D70PM CYvJCV056Vywss3RxXIQd4Cnz6_6hkw-&b=oBHH; C=mg=1; Q=q1=AACAAAAAAAAAAA--&q2=SNVWog--; __qca=1221344785-77341801-58904131; YSC=0; U=mt=gZQwvZ2MhYl0yMWlOcvu3Q5lWxfWjhjtOtSuuqg-&ux=BXd6JB&un=9kg9lqian9812; CP=v=70204&br=i&pc=hptb&tguid=098b16c098246470c675 92eca441d70c&optclk=0; PH=fn=k31J6lLy0JDJMDGp8HA-&l=en-US
    [-] Error connecting to 10.0.0.100:445 Rex::ConnectionTimeout The connection timed out (10.0.0.100:445).
    [-] Error connecting to 10.0.0.100:139 Rex::ConnectionTimeout The connection timed out (10.0.0.100:139).
    [-] Could not connect to the target host (10.0.0.100), the target may be firewalled.
    [*] DNS 10.0.0.100:5353 XID 0 ()

    Could anyone help me to dissect this problem? Thank you very much!

  2. #2
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    disable firewall on the "victim"?

  3. #3
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Quote: Originally Posted by xorred
    disable firewall on the "victim"?
    This isn't very practical, though.

  4. #4
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Sure it is, just walk over to your test box and click disable.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  5. #5
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Quote: Originally Posted by vvpalin
    Sure it is, just walk over to your test box and click disable.
    This isn't very realistic in a penetration testing scenario.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Quote: Originally Posted by dominatus
    This isn't very realistic in a penetration testing scenario.
    No, it's not, but encountering a machine where the ports are blocked is. Therefore rendering this thread completely pointless...

    @ dominatus

    On the "victim" machine if you do a "netstat -an" do you see something like:
    Code:
    C:\>netstat -an
    
    Active Connections
    
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
    ...
      UDP    0.0.0.0:445            *:*
    ...
      UDP    192.22.253.161:137     *:*
      UDP    192.22.253.161:138     *:*
    Or anything regarding ports 445 or 139?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
