Hello,
I will try to explain everything in full detail. To begin with, I opened Metasploit (3.8, from BT5), then I typed:
1. db_workspace -d default, to remove previous hosts and have a clean database.
2. db_nmap myhost, to check open ports. There were a lot of open ports.
3. Then db_autopwn -p -e -q. It tried to launch more than 1000 exploits on the target.
At the end of the module exploitation, I had 61 sessions opened on different ports.
Code:
msf > sessions

Active sessions
===============

  Id  Type   Information  Connection
  --  ----   -----------  ----------
  1   shell  osx          192.168.1.65:52489 -> 0.0.0.0:5329
  2   shell  php          192.168.1.65:52639 -> 0.0.0.0:29030
  3   shell  unix         192.168.1.65:44852 -> 0.0.0.0:31850
  4   shell  osx          192.168.1.65:45004 -> 0.0.0.0:19512
  5   shell  bsd          192.168.1.65:37379 -> 0.0.0.0:34134
  6   shell  unix         192.168.1.65:38508 -> 0.0.0.0:16723
  7   shell  bsd          192.168.1.65:55874 -> 0.0.0.0:35758
  8   shell  unix         192.168.1.65:38535 -> 0.0.0.0:22863
  9   shell  php          192.168.1.65:60917 -> 0.0.0.0:6600
  10  shell  osx          192.168.1.65:58057 -> 0.0.0.0:24306
  11  shell  unix         192.168.1.65:51223 -> 0.0.0.0:23035
  12  shell  php          192.168.1.65:34184 -> 0.0.0.0:30573
  13  shell  linux        192.168.1.65:43962 -> 0.0.0.0:21530
  14  shell  unix         192.168.1.65:44205 -> 0.0.0.0:4688
  15  shell  unix         192.168.1.65:53253 -> 0.0.0.0:26718
  16  shell  bsd          192.168.1.65:38121 -> 0.0.0.0:21316
  17  shell  unix         192.168.1.65:59289 -> 0.0.0.0:14446
  18  shell  unix         192.168.1.65:48479 -> 0.0.0.0:34562
  19  shell  unix         192.168.1.65:41843 -> 0.0.0.0:12646
  20  shell  unix         192.168.1.65:36318 -> 0.0.0.0:16865
  21  shell  unix         192.168.1.65:35443 -> 0.0.0.0:31495
  22  shell  bsd          192.168.1.65:34100 -> 0.0.0.0:23841
  23  shell  linux        192.168.1.65:44671 -> 0.0.0.0:7496
  24  shell  unix         192.168.1.65:42176 -> 0.0.0.0:38070
  25  shell  solaris      192.168.1.65:36431 -> 0.0.0.0:11273
  26  shell  solaris      192.168.1.65:34826 -> 0.0.0.0:38624
  27  shell  unix         192.168.1.65:58813 -> 0.0.0.0:25448
  28  shell  unix         192.168.1.65:59034 -> 0.0.0.0:14348
  29  shell  unix         192.168.1.65:60744 -> 0.0.0.0:28887
  30  shell  unix         192.168.1.65:50868 -> 0.0.0.0:14284
  31  shell  solaris      192.168.1.65:56390 -> 0.0.0.0:36468
  32  shell  unix         192.168.1.65:55677 -> 0.0.0.0:16274
  33  shell  unix         192.168.1.65:50510 -> 0.0.0.0:7735
  34  shell  linux        192.168.1.65:42841 -> 0.0.0.0:28811
  35  shell  linux        192.168.1.65:43946 -> 0.0.0.0:37377
  36  shell  linux        192.168.1.65:54528 -> 0.0.0.0:7446
  37  shell  linux        192.168.1.65:38293 -> 0.0.0.0:23883
  38  shell               192.168.1.65:39716 -> 0.0.0.0:6529
  39  shell               192.168.1.65:37119 -> 0.0.0.0:11073
  40  shell  linux        192.168.1.65:39003 -> 0.0.0.0:6800
  41  shell  linux        192.168.1.65:45141 -> 0.0.0.0:24449
  42  shell  unix         192.168.1.65:40953 -> 0.0.0.0:16140
  43  shell  unix         192.168.1.65:33962 -> 0.0.0.0:37070
  44  shell  unix         192.168.1.65:40884 -> 0.0.0.0:10438
  45  shell  php          192.168.1.65:47468 -> 0.0.0.0:12397
  46  shell  php          192.168.1.65:37743 -> 0.0.0.0:10362
  47  shell  php          192.168.1.65:43477 -> 0.0.0.0:12830
  48  shell  unix         192.168.1.65:41447 -> 0.0.0.0:37291
  49  shell  unix         192.168.1.65:47404 -> 0.0.0.0:14284
  50  shell  php          192.168.1.65:34512 -> 0.0.0.0:15503
  51  shell  php          192.168.1.65:57268 -> 0.0.0.0:12121
  52  shell  unix         192.168.1.65:40069 -> 0.0.0.0:12709
  53  shell  solaris      192.168.1.65:38218 -> 0.0.0.0:38545
  54  shell  php          192.168.1.65:55481 -> 0.0.0.0:11744
  55  shell  php          192.168.1.65:45466 -> 0.0.0.0:20884
  56  shell  aix          192.168.1.65:48089 -> 0.0.0.0:5217
  57  shell  unix         192.168.1.65:45310 -> 0.0.0.0:25001
  58  shell  linux        192.168.1.65:47845 -> 0.0.0.0:20032
  59  shell  unix         192.168.1.65:55088 -> 0.0.0.0:16546
  60  shell  unix         192.168.1.65:33744 -> 0.0.0.0:40149
  61  shell  linux        192.168.1.65:40259 -> 0.0.0.0:19090

msf > sessions -i 54
[*] Starting interaction with 54...

It seems to block on the interaction.

Code:
^C
Abort session 54? [y/N]  y
[*] Command shell session 54 closed.  Reason: User exit
msf > sessions -i 61
[*] Starting interaction with 61...
^C
Abort session 61? [y/N]  y
[*] Command shell session 61 closed.  Reason: User exit
msf > sessions -i 50
[*] Starting interaction with 50...
^C
Abort session 50? [y/N]  y
[*] Command shell session 50 closed.  Reason: User exit

My first supposition was that the bound ports weren't forwarded on my router, so I forwarded some of the bound ports and the result was the same.
Was that just a honeypot, or is something just going wrong?
Any help would be greatly appreciated.
Thank you.


