opening port 4444

**propercoil** · 07-28-2009, 07:59 PM

hey there.

from day to day i learn more and more about linux but i'm confused about this one.

when i attack my local xp machines using metasploit, it always freezes at "sending the exploit" or "triggering the vulnerability".

my LPORT is set to 4444 but i haven't opened port 4444 using iptables.
maybe that's my problem? nmap shows that port 4444 is closed, but someone here posted that all ports are open in BT3.

what am i missing?

**lupin** · 07-29-2009, 12:16 AM

Originally Posted by propercoil

hey there.

from day to day i learn more and more about linux but i'm confused about this one.

when i attack my local xp machines using metasploit, it always freezes at "sending the exploit" or "triggering the vulnerability".

my LPORT is set to 4444 but i haven't opened port 4444 using iptables.
maybe that's my problem? nmap shows that port 4444 is closed, but someone here posted that all ports are open in BT3.

what am i missing?

The answer to what you are missing depends on what payload you are using and whether the XP target is vulnerable to the exploit you have tried.

Id suggest you start off with a basic step by step Metasploit tutorial first so you can see how to get it to work successfully, and then do a bit more research on how Metasploit works until you understand how it works on a basic level.

Also, just completely disable all iptables filtering when you are working with exploits (at least until you understand exactly what it does). There is no iptables filtering by default in BackTrack - so all ports are not filtered, which is not quite the same thing as saying they are open. Conequently, you only need to worry about this if you have configured iptables rules or you are using another Linux distro which has a firewall enabled by default.

**propercoil** · 07-29-2009, 03:43 AM

i'm deep into metasploit for the past month and i know how metasploit works on a basic level. except reading books about metasploit, i have read dozens of tutorials and have seen alot of video tutorials and i know there is something that i'm missing that is not covered in all of them.

the exploit i'm trying to use currently is msvidctl_mpeg2. i tried to set the generic payload, meterperter bind and reverse, vnc bind and reverse and actually half of them.

the same thing happens. it freezes when it is sending the exploit. on the victims machine you can see the source code of the exploit and a warning down bottom "Access denied" on line 15 and that's about it.

the same freeze happens with all the other exploits...
don't know what is wrong

**lupin** · 07-29-2009, 04:11 AM

Originally Posted by propercoil

i'm deep into metasploit for the past month and i know how metasploit works on a basic level. except reading books about metasploit, i have read dozens of tutorials and have seen alot of video tutorials and i know there is something that i'm missing that is not covered in all of them.

the exploit i'm trying to use currently is msvidctl_mpeg2. i tried to set the generic payload, meterperter bind and reverse, vnc bind and reverse and actually half of them.

the same thing happens. it freezes when it is sending the exploit. on the victims machine you can see the source code of the exploit and a warning down bottom "Access denied" on line 15 and that's about it.

the same freeze happens with all the other exploits...
don't know what is wrong

Assuming you are doing everything else correctly it sounds like the machine you are trying to attack isn't vulnerable to the exploits you are using.

On an unpatched XP SP2 machine Ive been able to use the following client side exploits successfully, why don't you try one of them?

ani_loadimage_chunksize
ms06_013_createtextrange
ms06_001_wmf_setabortproc

**propercoil** · 07-29-2009, 11:57 AM

ms06_013_createtextrange dosen't work with meterperter and shell bind and the reverse.

i'm getting something from ms06_001_wmf_setabortproc - the victim is receiving my exploit and when he opens it it's an image X. unfortunately this exploit is for ie6 and the victim has ie7 so it's irrelevant.

ani_loadimage_chunksize looks relevant. the target could be:

Code:

msf exploit(ani_loadimage_chunksize) > set PAYLOAD windows/shell/bind_tcp
PAYLOAD => windows/shell/bind_tcp
msf exploit(ani_loadimage_chunksize) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  10.0.0.7         yes       The local host to listen on.
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Use SSL
   URIPATH  goal.html        no        The URI to use for this exploit (default is random)


Payload options (windows/shell/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LPORT     4444             yes       The local port
   RHOST                      no        The target address


Exploit target:

   Id  Name
   --  ----
   0   (Automatic) IE6, IE7 and Firefox on Windows NT, 2000, XP, 2003 and Vista

do you know what payloads are good to use with this exploit?
i'm gonna try it now and i'll post my results.

**lupin** · 07-30-2009, 01:10 AM

Originally Posted by propercoil

do you know what payloads are good to use with this exploit?

I used windows/exec when I tried it.

**Thorn** · 07-30-2009, 01:19 AM

Just out of curiosity, what level of XP is this (how patched it it)?

BackTrack Linux - Penetration Testing Distribution

Thread: opening port 4444

Thread Tools

Search Thread

Display

opening port 4444

lupin thanks for the fast answer

Posting Permissions