
Thread: opening port 4444

  #1 propercoil (Just burned his ISO; joined Jul 2009, 18 posts)

    opening port 4444

    Hey there.

    From day to day I learn more and more about Linux, but I'm confused about this one.

    When I attack my local XP machines using Metasploit, it always freezes at "sending the exploit" or "triggering the vulnerability".

    My LPORT is set to 4444 but I haven't opened port 4444 using iptables.
    Maybe that's my problem? nmap shows that port 4444 is closed, but someone here posted that all ports are open in BT3.

    What am I missing?

  #2 lupin (Super Moderator; joined Jan 2010, 2,943 posts)

    Quote Originally Posted by propercoil:
    Hey there.

    From day to day I learn more and more about Linux, but I'm confused about this one.

    When I attack my local XP machines using Metasploit, it always freezes at "sending the exploit" or "triggering the vulnerability".

    My LPORT is set to 4444 but I haven't opened port 4444 using iptables.
    Maybe that's my problem? nmap shows that port 4444 is closed, but someone here posted that all ports are open in BT3.

    What am I missing?
    The answer to what you are missing depends on what payload you are using and whether the XP target is vulnerable to the exploit you have tried.

    I'd suggest you start off with a basic step-by-step Metasploit tutorial first so you can see how to get it to work successfully, and then do a bit more research on how Metasploit works until you understand it on a basic level.

    Also, just completely disable all iptables filtering when you are working with exploits (at least until you understand exactly what it does). There is no iptables filtering by default in BackTrack, so all ports are not filtered, which is not quite the same thing as saying they are open. Consequently, you only need to worry about this if you have configured iptables rules or you are using another Linux distro which has a firewall enabled by default.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
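The distinction lupin draws above (no iptables filtering is not the same as a port being open) is exactly what a scanner reports as "closed" versus "filtered". As an added example that is not part of the thread, the Python below classifies a TCP port from the client side; the loopback listener and the port numbers it uses are constructed for the demo.

```python
"""Tell 'open', 'closed' and 'filtered' apart for a TCP port (added example)."""
import socket


def port_state(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify a TCP port from the client side, the way nmap reports it.

    open     : the handshake completed, so something is listening.
    closed   : the host answered with a RST (connection refused). This is
               the state of an unused port on a box with no iptables rules:
               unfiltered, but nothing is listening on it.
    filtered : no answer before the timeout, which is what an iptables DROP
               rule (or an upstream firewall) produces.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:       # RST came back: closed, not filtered
        return "closed"
    except (socket.timeout, OSError):    # timeout / no route: nothing answered
        return "filtered"
    finally:
        sock.close()


def demo() -> tuple:
    """Constructed demo on loopback: a port with a listener, then the same
    port once the listener is gone. Returns (state_with_listener, state_after)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        with_listener = port_state("127.0.0.1", port)
    finally:
        listener.close()
    # No listener now: the kernel answers the SYN with a RST, so the port is
    # "closed" even though no firewall rule is involved at all.
    after_close = port_state("127.0.0.1", port)
    return with_listener, after_close


if __name__ == "__main__":
    print(port_state("127.0.0.1", 4444))  # the thread's LPORT, on this host
    print(demo())                         # returns ('open', 'closed')
```

A "filtered" result on your own LPORT is the only case where iptables is actually in the way; "closed" just means the handler has not started listening yet.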

  #3 propercoil (Just burned his ISO; joined Jul 2009, 18 posts)

    lupin, thanks for the fast answer

    I've been deep into Metasploit for the past month and I know how Metasploit works on a basic level. Besides reading books about Metasploit, I have read dozens of tutorials and have seen a lot of video tutorials, and I know there is something that I'm missing that is not covered in any of them.

    The exploit I'm trying to use currently is msvidctl_mpeg2. I tried to set the generic payload, meterpreter bind and reverse, vnc bind and reverse, and actually half of them.

    The same thing happens. It freezes when it is sending the exploit. On the victim's machine you can see the source code of the exploit and a warning at the bottom, "Access denied" on line 15, and that's about it.

    The same freeze happens with all the other exploits...
    Don't know what is wrong.

  #4 lupin (Super Moderator; joined Jan 2010, 2,943 posts)

    Quote Originally Posted by propercoil:
    I've been deep into Metasploit for the past month and I know how Metasploit works on a basic level. Besides reading books about Metasploit, I have read dozens of tutorials and have seen a lot of video tutorials, and I know there is something that I'm missing that is not covered in any of them.

    The exploit I'm trying to use currently is msvidctl_mpeg2. I tried to set the generic payload, meterpreter bind and reverse, vnc bind and reverse, and actually half of them.

    The same thing happens. It freezes when it is sending the exploit. On the victim's machine you can see the source code of the exploit and a warning at the bottom, "Access denied" on line 15, and that's about it.

    The same freeze happens with all the other exploits...
    Don't know what is wrong.
    Assuming you are doing everything else correctly, it sounds like the machine you are trying to attack isn't vulnerable to the exploits you are using.

    On an unpatched XP SP2 machine I've been able to use the following client-side exploits successfully; why don't you try one of them?
    • ani_loadimage_chunksize
    • ms06_013_createtextrange
    • ms06_001_wmf_setabortproc

  #5 propercoil (Just burned his ISO; joined Jul 2009, 18 posts)

    ms06_013_createtextrange doesn't work with meterpreter, shell bind or the reverse.

    I'm getting something from ms06_001_wmf_setabortproc: the victim is receiving my exploit and when he opens it it's an image X. Unfortunately this exploit is for IE6 and the victim has IE7, so it's irrelevant.

    ani_loadimage_chunksize looks relevant. The target could be:
    Code:
    msf exploit(ani_loadimage_chunksize) > set PAYLOAD windows/shell/bind_tcp
    PAYLOAD => windows/shell/bind_tcp
    msf exploit(ani_loadimage_chunksize) > show options
    
    Module options:
    
       Name     Current Setting  Required  Description
       ----     ---------------  --------  -----------
       SRVHOST  10.0.0.7         yes       The local host to listen on.
       SRVPORT  8080             yes       The local port to listen on.
       SSL      false            no        Use SSL
       URIPATH  goal.html        no        The URI to use for this exploit (default is random)
    
    
    Payload options (windows/shell/bind_tcp):
    
       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       EXITFUNC  process          yes       Exit technique: seh, thread, process
       LPORT     4444             yes       The local port
       RHOST                      no        The target address
    
    
    Exploit target:
    
       Id  Name
       --  ----
       0   (Automatic) IE6, IE7 and Firefox on Windows NT, 2000, XP, 2003 and Vista
    Do you know what payloads are good to use with this exploit?
    I'm gonna try it now and I'll post my results.

  #6 lupin (Super Moderator; joined Jan 2010, 2,943 posts)

    Quote Originally Posted by propercoil:
    Do you know what payloads are good to use with this exploit?
    I used windows/exec when I tried it.

  #7 Thorn (Senior Member; joined Jan 2010, The Green Dome, 1,509 posts)

    Just out of curiosity, what level of XP is this (how patched is it)?
    Thorn
    Stop the TSA now! Boycott the airlines.
