Opening/Closing Ports in Backtrack 4

[Nikolas]

Hi! I started reading into Metasploit a year back and have learnt a great deal, (althought all attacks based on some sort of exploit has not been successful) I Recently saw Offsec, posted a free course on Metasploit which I have read through a few times and tried some of the attacks. One that got my attention was an attack which makes a blank pdf document with a payload scripted into it. as I open exploit/multi/handler and filled in the information, I realized I wasnt sure on what to write for LPORT I did an nmap scan on my machine and found all ports closed. So My question is:
How Do I Open a port which I can then listen to an inbound connection from the hidden payload?
I thought nc -l (port number) would do the trick but when I hit enter nothing happens at all.
Thanks for your time! I hope it wasn't too much detail.
Nikolas

[parrotface]

look at metersploit unleased LPORT 31337 works in client side attacks and gets a meterpreter session.

I am currently trying to send an embeded PDF as an Email attachment without success but I have got a session working across the internet using port forwarding. I just now need to find a way of delivering to the client.

[Nikolas]

I have no problem delivering the pdf but when opend (with multi/handler running) I get no connection from the payload. this can only be becuase the port is closed (I don't know if it's supposed to open what ever port I list under LPORT or not)

I'll try doing just that and I'll post back the results.
Nikolas

I tried listing LPORT as 31337 but it made no differnece. I'm not an expert on networks and such but multi/handler gets no connection (it stops at Starting the Payload handler...) while the handler was running I did an nmap scan on my machine and port 31337 was infact open! (with 'Elite' listed as the service and listed 'open' as well) then I did a scan of the target machine. The scan came back with one open port (5357)
Maybe I have to list my LPORT as one of the targets open ports?
e.g. Target machine has port 4232 open, so when making the PDF and running the handler I have to list 4232 as my LPORT but for some reason I don't think it will open, as I said im not an expert on network.
Nikolas

[macphail]

...
So My question is:
How Do I Open a port which I can then listen to an inbound connection from the hidden payload?

as to that, it's not difficult at all to control your ports once you become familiar with iptables in general;
https://help.ubuntu.com/community/IptablesHowTo

feel free to research netfilters if you are feeling particularly ambitious;
netfilter/iptables project homepage - The netfilter.org project

and maybe ufw as a simple means to your end, if you like;
Ubuntu Manpage: ufw - program for managing a netfilter firewall

good luck with that...

[lupin]

I suggest you try and follow the example exercise more closely rather than trying to work it out on your own. When you get it working, then perform a packet capture of the network traffic generated and study it til you understand what its doing. Then you may be able to modify the exercise to try other things.

You may also want to read up more on networking, in particular to develop a clearer understanding of what "closed" and "open" ports actually represent. You have made a number of bad assumptions in this thread that are stemming from these misunderstandings.

[Nikolas]

Oh thanks, this stuff worth knowing, ill read into it for sure.
Do you happen to know anything about using the multi/handler exploit?

The only thing I modified from the original example was the LHOST and LPORT but yes I will definitely read up on networking! But would you be so kind and point me in the direction of why the multi/handler doesn't receive a connection from the payload?
Thanks, Nikolas

[lupin]

Oh thanks, this stuff worth knowing, ill read into it for sure.
Do you happen to know anything about using the multi/handler exploit?

The only thing I modified from the original example was the LHOST and LPORT but yes I will definitely read up on networking! But would you be so kind and point me in the direction of why the multi/handler doesn't receive a connection from the payload?
Thanks, Nikolas

I know plenty about the multi/handler in Metasploit. There are a number of reasons why it may not be working, mostly relating to how the exploit on the client is configured. Is the client vulnerable to the exploit you are trying, and have you set the payload parameters properly? Right here is where some networking knowledge and knowledge of how exploits work would help immensely in troubleshooting.

[Nikolas]

Well I did some reading about networks and I actually found a video of someone performing the same client side attack and it explains that the port you enlist must be port forwarded properly, only problem is that I don't use a router (for the time being) I use a dial up modem which of course has no firewall built in and no port forwarding options. I'm not quire sure if that means the attack can't possibly be performed or not but when I get back home I'll port forward the port I enlist under LPORT. Thanks a lot for the support!
Nikolas

Oh I forgot to mention. I generated a binary payload and executed it and the multi/handler picked it up! when I use the buffer overflow used in the free metasploit course I get nothing. I also tried using an adobe memmory coppruption exploit (I saw a guy doing it on youtube so I thought I'd give it a shot) and I got nothing either!
I noticed that whenever I use multi/handler to listen for a connection from a pdf I get
"Handler failed to bind to [IP address]:[Port Number] What does this mean?
Nikolas

PS! I know I post a lot without thinking it through, and I apoligize for any inconvenience that could have caused, I am just a bit eager.

[lupin]

Well I did some reading about networks and I actually found a video of someone performing the same client side attack and it explains that the port you enlist must be port forwarded properly, only problem is that I don't use a router (for the time being) I use a dial up modem which of course has no firewall built in and no port forwarding options. I'm not quire sure if that means the attack can't possibly be performed or not but when I get back home I'll port forward the port I enlist under LPORT. Thanks a lot for the support!
Nikolas

Port forwarding is only relevant if you're attempting to communicate to your handler over NAT. If you're testing on a local network its not necessary. Here is where understanding of TCP/IP would help.

Oh I forgot to mention. I generated a binary payload and executed it and the multi/handler picked it up! when I use the buffer overflow used in the free metasploit course I get nothing. I also tried using an adobe memmory coppruption exploit (I saw a guy doing it on youtube so I thought I'd give it a shot) and I got nothing either!

It could be that your test system is not vulnerable. Try using a different payload for the exploit, like running calc.exe, and see if that works.

I noticed that whenever I use multi/handler to listen for a connection from a pdf I get
"Handler failed to bind to [IP address]:[Port Number] What does this mean?
Nikolas

It usually would mean that you already have a service listening on that particular IP address/port combination. It can also occur when you don't have sufficient system privileges. Remember I mentioned that I thought you needed to develop a clearer understanding of what open and closed ports actually represent? That's relevant to this issue as well.

PS! I know I post a lot without thinking it through, and I apoligize for any inconvenience that could have caused, I am just a bit eager.

Thinking things through is a good habit to learn - its a skill that will serve you well, and not just here.

[Nikolas]

Thanks for the help. I better read a bit more about networks and TCP/IP.
Nikolas

so just to be clear, If I attack a system on a completly different network and I want the Payload and Listener to use port e.g. 4444 I will have to forward it?