Jump to content

Backtrack4 And Set Question


TuX^
 Share

Recommended Posts

Hi Guys,

I've got BackTrack 4 set up on a virtual machine. I'm trying to exploit my own Windows 7 box using the Social Engineering Toolkit.

Trying to do a Website Attack Vector, then a Java Applet Attack. Selected Web Templates, then Gmail. Then using a Windows Shell Reverse Payload. To avoid detection from Anti-Virus I'm using a backdoored executable. Port for the listener is 443.

Now, the Console says Command shell session 1 opened. Like it should, but what are the commands? Check or exploit don't work and I'm at a bit of a loss.

Feel free to come smack me upside the head if you think I'm being stupid, but I'm new.

Regards,

TuX

Link to comment
Share on other sites

Now that you have the session established, you need to interact with the session.

This tutorial should get you started.

http://blog.metasploit.com/2010/03/latest-adobe-exploit-and-session.html

Link to comment
Share on other sites

Thanks, Infiltrator!

I get the following error when I try to run exploit -z: Exploit exception: The address is already in use (0.0.0.0:4444).

Have I done lhost and rhost the wrong way round or something?

Thanks,

TuX

Link to comment
Share on other sites

Just tried again, got:

Handler failed to bind to [My IP]

Handler failed to bind to 0.0.0.0:1337, exploit exception: The address is already in use (0.0.0.0:1337)

Any ideas? Have I done RHOST or LHOST wrong or something? I have no idea, and there seems to be a lack of documentation.

Regards,

TuX

Edited by TuX^
Link to comment
Share on other sites

Just tried again, got:

Handler failed to bind to [My IP]

Handler failed to bind to 0.0.0.0:1337, exploit exception: The address is already in use (0.0.0.0:1337)

Any ideas? Have I done RHOST or LHOST wrong or something? I have no idea, and there seems to be a lack of documentation.

Regards,

TuX

I guess thth you have something running on that port, as error message says. You can set different LPORT.

You can check if there is something running on that port using netcat.

nc -l 1337
It tries to listen port 1337. If it gives you error message you know, that you have something running on that port.

OR running ps aux |grep 'port'

root@bt:/pentest/exploits/SET# ps aux | grep 1337

root 6866 0.0 0.0 1808 452 pts/1 S+ 15:31 0:00 nc -l 1337

root 6868 0.0 0.0 2056 516 pts/2 S+ 15:31 0:00 grep 1337

Link to comment
Share on other sites

Dont use 0.0.0.0, but use the actual IP of the rhost and IP of your machine for lhost. If you still get the error, something else is using that port for communications.

All else fails, try the armitage gui and let it set all the ip's and ports for you. Use the same attacks you used previously.

The other thought is that windows is blocking the attack from working.

Link to comment
Share on other sites

Thanks Digip, I wasn't using that IP as the rhost, I was using the IP of the machine I'm trying to attack. And as far as I can see there is nothing else running on that port, like I said, I tried a couple of other ports as well.

Regards,

TuX

Link to comment
Share on other sites

why are you using port 1337 ?

try using the default ports to begin with ... and the real IP

also if your running in a virtual environment have you setup your network bridge correctly ?

Edited by Trip
Link to comment
Share on other sites

Guest leg3nd

I dont think 0.0.0.0 would cause the issue but the real ipv4 address eliminates that variable, but if you run (from *nix) 'netstat -antp' and locate the process using the designated port. Use 'kill PID#' to kill the corresponding processes and free up the port.

Although it could likely be something inside metasploit like a listener already running on that port, in which case (inside msf) jobs -K will end all the jobs or jobs -k # for a specific number.

Also from the first post it sounds like your utilizing a command shell payload, which is okay, but your going to gain much more efficiency and versatility through a meterpreter session.

Link to comment
Share on other sites

Trip, I used a different payload.. Haven't had the time to work on it more yet. All I managed to do was get to command prompt.. Create / delete users / privilege escalation and file manipulation. Thanks for all the help guys,

TuX

Link to comment
Share on other sites

If you are attacking the machine hosting the VM from within the VM itself, that makes sense why you get the error, since obviously that port is in use due to the VM sharing the network with the host machine and vice versa. If it was against another machine on the network or another VM, it probably would have worked. If you get the chance, set up a second vm doing the same attack as you had originally tried, or get another real machine on the network to try attacking.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...