
Thread: Opening/Closing Ports in Backtrack 4

  1. #1
    Banned
    Join Date
    Jul 2010
    Posts
    7

    Default Opening/Closing Ports in Backtrack 4

    Hi! I started reading into Metasploit a year back and have learnt a great deal (although all attacks based on some sort of exploit have not been successful). I recently saw that Offsec posted a free course on Metasploit, which I have read through a few times and tried some of the attacks. One that got my attention was an attack which makes a blank PDF document with a payload scripted into it. As I opened exploit/multi/handler and filled in the information, I realized I wasn't sure what to write for LPORT. I did an nmap scan on my machine and found all ports closed. So my question is:
    How Do I Open a port which I can then listen to an inbound connection from the hidden payload?
    I thought nc -l (port number) would do the trick but when I hit enter nothing happens at all.
    Thanks for your time! I hope it wasn't too much detail.
    Nikolas

  2. #2
    Senior Member
    Join Date
    Jun 2007
    Location
    UK
    Posts
    175

    Default Re: Opening/Closing Ports in Backtrack 4

    Look at Metasploit Unleashed. LPORT 31337 works in client-side attacks and gets a Meterpreter session.

    I am currently trying to send an embedded PDF as an email attachment without success, but I have got a session working across the internet using port forwarding. I just now need to find a way of delivering it to the client.

  3. #3
    Banned
    Join Date
    Jul 2010
    Posts
    7

    Default

    I have no problem delivering the PDF, but when it is opened (with multi/handler running) I get no connection from the payload. This can only be because the port is closed (I don't know if it's supposed to open whatever port I list under LPORT or not).

    I'll try doing just that and I'll post back the results.
    Nikolas

    I tried listing LPORT as 31337 but it made no difference. I'm not an expert on networks and such, but multi/handler gets no connection (it stops at "Starting the payload handler..."). While the handler was running I did an nmap scan on my machine and port 31337 was in fact open (with 'Elite' listed as the service and listed as 'open' as well). Then I did a scan of the target machine. The scan came back with one open port (5357).
    Maybe I have to list my LPORT as one of the target's open ports?
    e.g. the target machine has port 4232 open, so when making the PDF and running the handler I have to list 4232 as my LPORT. But for some reason I don't think it will open; as I said, I'm not an expert on networks.
    Nikolas
    Last edited by lupin; 07-26-2010 at 12:16 AM. Reason: Merging...

  4. #4
    Member macphail's Avatar
    Join Date
    Jun 2010
    Location
    East Coast, USA
    Posts
    164

    Default Re: Opening/Closing Ports in Backtrack 4

    Quote Originally Posted by Nikolas View Post
    ...
    So My question is:
    How Do I Open a port which I can then listen to an inbound connection from the hidden payload?
    as to that, it's not difficult at all to control your ports once you become familiar with iptables in general;
    https://help.ubuntu.com/community/IptablesHowTo

    feel free to research netfilters if you are feeling particularly ambitious;
    netfilter/iptables project homepage - The netfilter.org project

    and maybe ufw as a simple means to your end, if you like;
    Ubuntu Manpage: ufw - program for managing a netfilter firewall

    good luck with that...
    -----------
    ~peace
    MacPhail

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Opening/Closing Ports in Backtrack 4

    I suggest you try and follow the example exercise more closely rather than trying to work it out on your own. When you get it working, then perform a packet capture of the network traffic generated and study it til you understand what its doing. Then you may be able to modify the exercise to try other things.

    You may also want to read up more on networking, in particular to develop a clearer understanding of what "closed" and "open" ports actually represent. You have made a number of bad assumptions in this thread that are stemming from these misunderstandings.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Banned
    Join Date
    Jul 2010
    Posts
    7

    Default

    Oh thanks, this stuff is worth knowing, I'll read into it for sure.
    Do you happen to know anything about using the multi/handler exploit?

    The only thing I modified from the original example was the LHOST and LPORT, but yes, I will definitely read up on networking! But would you be so kind as to point me in the direction of why the multi/handler doesn't receive a connection from the payload?
    Thanks, Nikolas
    Last edited by lupin; 07-26-2010 at 07:19 AM. Reason: Merging...

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Opening/Closing Ports in Backtrack 4

    Quote Originally Posted by Nikolas View Post
    Oh thanks, this stuff is worth knowing, I'll read into it for sure.
    Do you happen to know anything about using the multi/handler exploit?

    The only thing I modified from the original example was the LHOST and LPORT, but yes, I will definitely read up on networking! But would you be so kind as to point me in the direction of why the multi/handler doesn't receive a connection from the payload?
    Thanks, Nikolas
    I know plenty about the multi/handler in Metasploit. There are a number of reasons why it may not be working, mostly relating to how the exploit on the client is configured. Is the client vulnerable to the exploit you are trying, and have you set the payload parameters properly? Right here is where some networking knowledge and knowledge of how exploits work would help immensely in troubleshooting.

  8. #8
    Banned
    Join Date
    Jul 2010
    Posts
    7

    Default

    Well, I did some reading about networks and I actually found a video of someone performing the same client-side attack, and it explains that the port you list must be port forwarded properly. The only problem is that I don't use a router (for the time being); I use a dial-up modem, which of course has no firewall built in and no port forwarding options. I'm not quite sure if that means the attack can't possibly be performed or not, but when I get back home I'll port forward the port I list under LPORT. Thanks a lot for the support!
    Nikolas

    Oh, I forgot to mention. I generated a binary payload and executed it, and the multi/handler picked it up! When I use the buffer overflow used in the free Metasploit course I get nothing. I also tried using an Adobe memory corruption exploit (I saw a guy doing it on YouTube so I thought I'd give it a shot) and I got nothing either!
    I noticed that whenever I use multi/handler to listen for a connection from a PDF I get
    "Handler failed to bind to [IP address]:[Port Number]". What does this mean?
    Nikolas

    PS! I know I post a lot without thinking it through, and I apologize for any inconvenience that could have caused; I am just a bit eager.
    Last edited by lupin; 07-27-2010 at 07:55 AM. Reason: Mergy mergy

  9. #9
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: Opening/Closing Ports in Backtrack 4

    Quote Originally Posted by Nikolas View Post
    Well, I did some reading about networks and I actually found a video of someone performing the same client-side attack, and it explains that the port you list must be port forwarded properly. The only problem is that I don't use a router (for the time being); I use a dial-up modem, which of course has no firewall built in and no port forwarding options. I'm not quite sure if that means the attack can't possibly be performed or not, but when I get back home I'll port forward the port I list under LPORT. Thanks a lot for the support!
    Nikolas
    Port forwarding is only relevant if you're attempting to communicate to your handler over NAT. If you're testing on a local network it's not necessary. Here is where an understanding of TCP/IP would help.

    Quote Originally Posted by Nikolas View Post
    Oh, I forgot to mention. I generated a binary payload and executed it, and the multi/handler picked it up! When I use the buffer overflow used in the free Metasploit course I get nothing. I also tried using an Adobe memory corruption exploit (I saw a guy doing it on YouTube so I thought I'd give it a shot) and I got nothing either!
    It could be that your test system is not vulnerable. Try using a different payload for the exploit, like running calc.exe, and see if that works.

    Quote Originally Posted by Nikolas View Post
    I noticed that whenever I use multi/handler to listen for a connection from a PDF I get
    "Handler failed to bind to [IP address]:[Port Number]". What does this mean?
    Nikolas
    It usually would mean that you already have a service listening on that particular IP address/port combination. It can also occur when you don't have sufficient system privileges. Remember I mentioned that I thought you needed to develop a clearer understanding of what open and closed ports actually represent? That's relevant to this issue as well.

    Quote Originally Posted by Nikolas View Post
    PS! I know I post a lot without thinking it through, and I apologize for any inconvenience that could have caused; I am just a bit eager.
    Thinking things through is a good habit to learn; it's a skill that will serve you well, and not just here.
    Last edited by lupin; 07-28-2010 at 12:15 AM. Reason: Typo; more info

  10. #10
    Banned
    Join Date
    Jul 2010
    Posts
    7

    Default

    Thanks for the help. I better read a bit more about networks and TCP/IP.
    Nikolas

    So just to be clear, if I attack a system on a completely different network and I want the payload and listener to use port e.g. 4444, I will have to forward it?
    Last edited by lupin; 07-29-2010 at 01:37 AM. Reason: Merging
