
Thread: Can't run execute and exploits with Metasploit

  1. #1
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    12

    Default Can't run execute and exploits with Metasploit

    Hi,
    I have learnt about Metasploit recently through their website and on this forum. I have read loads of documentation but I can’t find out why the exploits won’t work...well to be more exact it looks like it is running the exploit but not executing the payload. I am not using my own exploits; I am using the built ones. Here is an example:
    I run Metapsploit on my Back Track 4 live DVD.
    The exploits I have used are the ones that are apparently still vulnerable like browser ones.
    I used:
    windows/browser/realplayer_console
    windows/browser/ani_loadimage_chunksize
    as well as other universal ones.

    I have now resorted to the absolute basics just to test whether it is successful. With each different exploit I try I choose to deliver the payload "windows/exec". The command I choose to execute is just a simple ipconfig to a text file, dropped in the C drive on the target PC (ipconfig > c:\meta.txt).
    These exploits all exploit the browser so it sets up a fake http service which I then connect to using different browsers from the target machine. As soon as the target machine connects I see a message from the metasploit console (or metasploit gui) saying it is sending the exploit to the machine. From what I understand this means the exploit is actually working but not delivering the payload?
    Some info about the target machine:
    XP Pro SP3
    Windows firewall disabled.
    NOD32 antivirus, but this is disabled for testing (when it was enabled it detected every exploit attempt).

    No matter what payload I run it never works. There is no text file on the C drive.
    Maybe these exploits don’t work anymore but I thought that if the console says it has sent the exploit then it does work?
    Can anyone help please and point me in the right direction.
    I am wondering whether there is something obvious I have missed.
    Thanks,

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Removed the bold from your post, we can read quite well without it thanks.

    As to your question, why don't you read some of the links referenced in those exploits you are using. The notices for the associated vulnerabilities are there, and they will let you know which particular software versions are vulnerable.

    Here are links to the code for the exploits you mentioned if you don't want to find them in your Metasploit install.
    Metasploit Framework - /modules/exploits/windows/email/ani_loadimage_chunksize.rb - Metasploit Redmine Interface
    Metasploit Framework - /modules/exploits/windows/browser/realplayer_console.rb - Metasploit Redmine Interface
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    12

    Default

    If you read my post again you will see that my question wasn't whether the exploit will work with certain browsers. I was asking whether the exploit is working when the console says it has sent the exploit, or does this simply mean it has sent the exploit, and doesn't mean it has been successful?

    I see what you mean now, though, by reading the links you sent about it only working on certain browsers and OSes. I already knew to check this, but I thought when you chose the "Automatic" option this meant it was universal. I think this is where I went wrong, so thanks for this.

    Sorry about the bold text, I copied and pasted from Word, didn't notice it was in bold.

    Also, when I run the Metasploit GUI and go to set up the ANI_loadimage exploit, one of the options is Firefox on Windows XP. This meets the criteria for my test machine, but the payload doesn't execute?

  4. #4
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    The victim has to open the ani file; it won't be executed automatically, since it is not something that is sent to a listening service.
    Tiocfaidh ár lá

  5. #5
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    12

    Default

    Thanks, Dave.
    But I thought this was all automated through the fake http service?
    I can't see how this exploit is useful if the victim must manually execute the file.
    When running the exploit Metasploit tells me it has dumped a random exe name to the %temp% folder. How would the victim execute this if it is not automated? I find it hard to believe that anyone would go into the %temp% folder and run an exe. Am I missing something?

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by Mucker View Post
    Thanks, Dave.
    But I thought this was all automated through the fake http service?
    I can't see how this exploit is useful if the victim must manually execute the file.
    When running the exploit Metasploit tells me it has dumped a random exe name to the %temp% folder. How would the victim execute this if it is not automated? I find it hard to believe that anyone would go into the %temp% folder and run an exe. Am I missing something?
    One of the ways in which the victim opens the ani file is by visiting a malicious web site, in this case the http service run by Metasploit. The ani exploit won't work on XP SP3 however, which is what I was getting at in my previous post. When Metasploit says it is sending the exploit it just means that it is sending the exploit to the remote system, it doesn't mean that it has worked.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
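    The distinction lupin draws above (a "Sending exploit" message is only the HTTP hit; it says nothing about whether the payload ran) and the point from post #2 (check the module's target list against the victim's actual browser and OS) can both be made concrete with a small model of the exchange. The following Ruby script is an added example written for this thread; it is not Metasploit code and does not reproduce any module's real metadata. It runs a throwaway "exploit page" server on localhost, logs the browser's User-Agent and matches it against a constructed target table, and then waits on a second port for a callback. Only that callback counts as evidence that the payload executed. The target table, the User-Agent string and both ports are assumptions made for the demonstration.

```ruby
#!/usr/bin/env ruby
# Added example for this thread (not Metasploit code): separates "exploit sent"
# from "payload executed" and shows why a target check comes first.
require 'socket'

# Constructed target table, an assumption for this example. A real module's
# Targets block lists the exact browser/OS combinations it was written for.
TARGETS = [
  { name: 'Windows XP / Internet Explorer', os: /Windows NT 5\.1/, browser: /MSIE/ },
  { name: 'Windows XP / Firefox',           os: /Windows NT 5\.1/, browser: /Firefox/ }
].freeze

# Match a browser's User-Agent against the target table; nil means no target covers it.
def match_target(user_agent, targets = TARGETS)
  targets.find { |t| user_agent =~ t[:os] && user_agent =~ t[:browser] }
end

# Pull the User-Agent header out of a raw HTTP request (header section only).
def user_agent_of(request)
  request[/^User-Agent:\s*(.+?)\r?$/i, 1] || ''
end

# Serves one "exploit page" and records the hit, then waits on a second port
# for the payload to connect back. The hit is what a console would report as
# "Sending exploit"; only the callback proves the payload ran.
class ExploitSession
  attr_reader :events

  def initialize
    @events = []
    @http = TCPServer.new('127.0.0.1', 0)      # ephemeral port for the fake web server
    @callback = TCPServer.new('127.0.0.1', 0)  # ephemeral port for the payload listener
  end

  def http_port;     @http.addr[1]; end
  def callback_port; @callback.addr[1]; end

  # Handle exactly one browser request and log it as a delivery event.
  def serve_once
    client = @http.accept
    request = String.new
    while (line = client.gets) && line != "\r\n" && line != "\n"
      request << line
    end
    ua = user_agent_of(request)
    target = match_target(ua)
    @events << { kind: :delivered, user_agent: ua, target: target && target[:name] }
    client.write("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\nContent-Length: 0\r\n\r\n")
    client.close
  end

  # Wait up to `timeout` seconds for a callback; true only if something connected.
  def await_callback(timeout)
    return false unless IO.select([@callback], nil, nil, timeout)
    sock = @callback.accept
    @events << { kind: :executed, peer: sock.peeraddr[3] }
    sock.close
    true
  end

  def delivered?; @events.any? { |e| e[:kind] == :delivered }; end
  def executed?;  @events.any? { |e| e[:kind] == :executed }; end

  def close
    @http.close
    @callback.close
  end
end

# Drive the whole exchange locally with a constructed browser request.
# `victim_calls_back` stands in for "the exploit actually worked on that client".
def run_exchange(user_agent, victim_calls_back:)
  session = ExploitSession.new
  server = Thread.new { session.serve_once }
  browser = TCPSocket.new('127.0.0.1', session.http_port)
  browser.write("GET / HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: #{user_agent}\r\n\r\n")
  browser.read   # drain the response; server closes the connection
  browser.close
  server.join
  TCPSocket.new('127.0.0.1', session.callback_port).close if victim_calls_back
  session.await_callback(1)
  session.close
  session
end

if __FILE__ == $PROGRAM_NAME
  # Constructed User-Agent resembling Firefox 3.5 on Windows XP (an assumption).
  ua = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5'
  s = run_exchange(ua, victim_calls_back: false)
  puts "delivered=#{s.delivered?} executed=#{s.executed?} target=#{s.events.first[:target]}"
end
```

    Run as-is and the output shows delivered=true with executed=false: the browser fetched the page, which is all the "Sending exploit" line ever meant, and nothing came back. That is also why a payload such as windows/exec, which never connects anywhere, leaves you checking for the dropped file by hand, whereas a reverse-connect payload gives the console a positive signal to report.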

  7. #7
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    12

    Default

    Ahh..OK thanks.
    That is where I was going wrong. I thought when it said it had sent the exploit, it was successful.
    Cheers.
