Results 1 to 4 of 4

Thread: ms06_025_rras Will Not Bind - help

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010


    I am taking my first faltering steps with this so please be gentle !!

    Can anyone tell me what is happening please ? 2 PCs on same network - target = [XP with SP1 only], Host =, No firewalls or virus software running on either.
    Extracts from terminal :

    msf exploit(ms06_025_rras) > show options
    Module options:
    Name Current Setting Required Description
    ---- --------------- -------- -----------
    RHOST yes The target address
    RPORT 445 yes Set the SMB service port
    SMBPIPE SRVSVC yes The pipe name to use (ROUTER, SRVSVC)

    Payload options (windows/shell_bind_tcp):
    Name Current Setting Required Description
    ---- --------------- -------- -----------
    EXITFUNC thread yes Exit technique: seh, thread, process
    LPORT 4444 yes The local port
    RHOST no The target address

    Exploit target:
    Id Name
    -- ----
    1 Windows XP SP1

    msf exploit(ms06_025_rras) > exploit

    * Started bind handler
    * Binding to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC] ...
    [-] Exploit failed: Could not bind to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC]
    * Exploit completed, but no session was created.

    msf exploit(ms06_025_rras) >

    I get EXACTLY the same result if the target has NO SPs or just SP1. Also same result if I try a reverse shell payload [windows/shell_reverse_tcp]. Have run the same exploits from Linux and Windows and STILL get same result.

    Could someone point me in the right direction please ? Thanks.


    All sorted.
    I wasnt getting a bind because not all Windows SP1 boxes have the Remote Access Connection Manager service up and running.
    My target was set to 'Manual'. When the service was started the exploit worked as it was intended.

  2. #2


    Try to use other Payloads, or an other Exploit.
    Use the Nessus Vulnerability Scanner to find out.
    Then load it to Metasploit, it will show you the probably working exploits on your victim machine

  3. #3
    Moderator fancy's Avatar
    Join Date
    Jan 2010


    As HD already outlined:

    This message indicates that the target RPC service was not available; is
    RRAS setup on these machines? This is a service you generally have to
    configure manually before exploiting it becomes possible.

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010


    just as they mentioned . you may want to try another exploit. another reason why you might not be getting any results, may be due to the fact that on the port that youre suppost too be receiving a shell. that specific port may be closed. therefore you may want to look into "port forwarding".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts