Thread: Metasploit issues!

  1. #1
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    9

    Metasploit issues!

    Hi there,

    I am learning about penetration testing; I have set up a Windows Server 2003 R2 Enterprise virtual machine.

    It is relatively unpatched (vulnerable to ms08-067), no antivirus, Windows firewall. After a Nessus scan a few of these vulnerabilities were shown.

    When I use fast-track.py to exploit this vulnerability (ms08-067) I immediately get a shell running as system. However, I would like to use meterpreter for all of its features rather than a simple netcat of cmd.exe, and fasttrack provides no way to change the payload.

    So I try to exploit the machine using Metasploit, using the appropriate settings, using exploit: ms08_067_netapi, windows/meterpreter/bind_tcp OR reverse_tcp OR a simple bind shell (to test); however, I get the following error:

    Code:
    Exploit target:
    
       Id  Name
       --  ----
       9   Windows 2003 SP2 English (NX)
    
    
    msf exploit(ms08_067_netapi) > exploit
    [*] Handler binding to LHOST 0.0.0.0
    [*] Started reverse handler
    [-] Exploit failed: The server responded with error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)
    [*] Exploit completed, but no session was created.

    OR when trying to use SRVSVC:



    Code:
    Exploit target:
    
       Id  Name
       --  ----
       9   Windows 2003 SP2 English (NX)
    
    
    msf exploit(ms08_067_netapi) > exploit
    [*] Handler binding to LHOST 0.0.0.0
    [*] Started reverse handler
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
    [*] Exploit completed, but no session was created.

    When setting the target manually the exploit also fails as it cannot determine the language pack!

    Please could somebody shed some light on this issue? Is the Metasploit exploit working correctly on R2? (Latest SVN)

    Thanks,

    Joe

  2. #2
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231


    Only a guess, but read about the "target" command; I remember that you can specify the language pack somehow there.
    Auswaertsspiel

  3. #3
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    9


    Thanks for the reply,

    I have selected Windows Server 2003 SP2 (ENGLISH) as a target as it most closely matches what I have, but it still won't work!

    Can anyone shed some light on this issue?

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    Re-patch the fasttrack exploit with a meterpreter shellcode (or d/l one from milw0rm and do it yourself), then figure out how to set up a multi/handler - see the metasploit documentation from offensive security for a howto on that. That way you can manually run your exploit, you can figure out what are bad characters and what are not, and you will get a better idea of how these things operate.

    Metasploit is an excellent tool to use, but if you can't do the basics it's going to be a lot harder with it in the long run.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    39

    You have to "set LANG english" (without quotes). It's kinda funny how Linux basically gives you the answer right in front of you and yet people still don't know how to comprehend what it is saying. I'm saying that comment in general, Joe100.
    They ran this hack in V.M.O., so I'm isolating the A.P.I., and just booting the host. -Matthew Farrell

  6. #6
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    9


    I have tried "set LANG english", the exploit still fails.

    I am working on incorporating the shellcode for meterpreter reverse_tcp into the fast-track.py file, as it is currently the only alternative I can see.

    If anyone else has any ideas with this they would be most appreciated. Thanks.

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Posts
    39


    You're positive the firewall is down and you set all the right variables for the exploit?
    They ran this hack in V.M.O., so I'm isolating the A.P.I., and just booting the host. -Matthew Farrell

  8. #8
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    9


    Yes, the Windows firewall is disabled and everything is set when I run "show options".

    I'm stuck! Has nobody ever had this issue before?

    I have googled this for hours, there are a few of the same issue but seemingly no responses to it!

  9. #9
    Junior Member Isohump's Avatar
    Join Date
    Sep 2009
    Posts
    63


    Did you try msfconsole without using fast-track.py?

  10. #10
    Just burned his ISO
    Join Date
    Jan 2008
    Posts
    9


    Yep, seems to make absolutely no sense!

    I can't work out how to substitute the payload in the fast-track script either, as meterpreter is a much larger staged payload.

    I may just give up with this!!
