Results 1 to 5 of 5

Thread: MassClientSide attack pentest

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Default MassClientSide attack pentest

    Hello all,
    Last night I was playing around with the mass client side attack using a vulnerable Windows XP sp2 box and my BT4 linux live CD. Im farely new to BT4 and am still studying it and learning the ins and outs. Im not new to Linux and have been studying metasploit and BT too. .

    So my predicament is I made multiple connections from the vulnersble box, sessions command showed 8 shells open from my BT4 to the vuln box. Now how do I connect to the shell? I have tried everything it seems:
    connect IP Port
    connect -z IP Port
    connect -S -P IP Port

    And many more connect commands. Do I need to use Netcat? I was using a generic Bind shell as the payload. The only commands that seem to go through keep saying,"connection refused by foreign host". How is that possible? Netstat shows the connections on the vulnerable XP box and as stated sessions shows 8 shells open..?

    Also, sorry to ask so many questions,but can I run commands on a normal bind shell to Windows from Linux or do I need the meterpreter? I dont know because I have exploited many flaws which have returned the connections, but can never actually connect to a shell??

    Thanks in advance.

  2. #2
    Just burned his ISO Wolfheart's Avatar
    Join Date
    Dec 2009
    Posts
    19

    Smile

    Metasploit unleashed Wicked tutorial. I would start from scratch with your xp machine.

  3. #3
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    If you're working within the framework you ought to be to list them with:

    sessions -l (that's a L)
    sessions -i (to interact, followed by the number)

    Also check out the Metasploit Unleashed course as mentioned.

    http://www.offensive-security.com/metasploit-unleashed/

  4. #4
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    4

    Default

    Quote Originally Posted by Lincoln View Post
    If you're working within the framework you ought to be to list them with:

    sessions -l (that's a L)
    sessions -i (to interact, followed by the number)
    Tried that, showed 8 sessions open.

    Quote Originally Posted by Lincoln View Post
    Also check out the Metasploit Unleashed course as mentioned.

    Thats what im talking about! Just want I need, thanks guys


    I have been downloading every pdf I can find on the Framework, but havent found much along the lines of BT4. This is great and should keep me busy for a little while.

  5. #5
    Just burned his ISO Wolfheart's Avatar
    Join Date
    Dec 2009
    Posts
    19

    Default

    "I have been downloading every pdf I can find on the Framework, but havent found much along the lines of BT4. This is great and should keep me busy for a little while."

    Lol Make sure you read MSU. In particular the part about injecting malicious code in pdf files.


    Peace

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •