TuX^ Posted April 13, 2011
Hi Guys, I've got BackTrack 4 set up on a virtual machine. I'm trying to exploit my own Windows 7 box using the Social Engineering Toolkit. Trying to do a Website Attack Vector, then a Java Applet Attack. Selected Web Templates, then Gmail. Then using a Windows Shell Reverse Payload. To avoid detection from anti-virus I'm using a backdoored executable. Port for the listener is 443. Now, the console says "Command shell session 1 opened", like it should, but what are the commands? check or exploit don't work and I'm at a bit of a loss. Feel free to come smack me upside the head if you think I'm being stupid, but I'm new. Regards, TuX

Infiltrator Posted April 13, 2011
Now that you have the session established, you need to interact with the session. This tutorial should get you started. http://blog.metasploit.com/2010/03/latest-adobe-exploit-and-session.html

TuX^ Posted April 13, 2011 (Author)
Thanks, Infiltrator! I get the following error when I try to run exploit -z: Exploit exception: The address is already in use (0.0.0.0:4444). Have I done LHOST and RHOST the wrong way round or something? Thanks, TuX

TuX^ Posted April 13, 2011 (Author, edited April 13, 2011 by TuX^)
Just tried again, got:
Handler failed to bind to [My IP]
Handler failed to bind to 0.0.0.0:1337, exploit exception: The address is already in use (0.0.0.0:1337)
Any ideas? Have I done RHOST or LHOST wrong or something? I have no idea, and there seems to be a lack of documentation. Regards, TuX
Jamo Posted April 13, 2011
I guess that you have something running on that port, as the error message says. You can set a different LPORT. You can check if there is something running on that port using netcat:
nc -l 1337
It tries to listen on port 1337. If it gives you an error message you know that you have something running on that port. Or run ps aux | grep 'port':
root@bt:/pentest/exploits/SET# ps aux | grep 1337
root 6866 0.0 0.0 1808 452 pts/1 S+ 15:31 0:00 nc -l 1337
root 6868 0.0 0.0 2056 516 pts/2 S+ 15:31 0:00 grep 1337
TuX^ Posted April 13, 2011 (Author)
I'm doing netcat on port 1337 now, but I have tried others to carry out the same exploit and got the same error. Any other suggestions? Much appreciated, TuX

digip Posted April 13, 2011
Don't use 0.0.0.0, but use the actual IP of the rhost and the IP of your machine for lhost. If you still get the error, something else is using that port for communications. If all else fails, try the Armitage GUI and let it set all the IPs and ports for you. Use the same attacks you used previously. The other thought is that Windows is blocking the attack from working.

TuX^ Posted April 13, 2011 (Author)
Thanks digip, I wasn't using that IP as the rhost, I was using the IP of the machine I'm trying to attack. And as far as I can see there is nothing else running on that port; like I said, I tried a couple of other ports as well. Regards, TuX

Trip Posted April 13, 2011 (edited April 13, 2011 by Trip)
Why are you using port 1337? Try using the default ports to begin with, and the real IP. Also, if you're running in a virtual environment, have you set up your network bridge correctly?

TuX^ Posted April 13, 2011 (Author, edited April 13, 2011 by TuX^)
Hi Guys, I've managed to get in by binding the port and connecting through that, and it works! :D Thanks all, TuX
Guest leg3nd Posted April 13, 2011
I don't think 0.0.0.0 would cause the issue, but the real IPv4 address eliminates that variable. If you run (from *nix) 'netstat -antp' you can locate the process using the designated port. Use 'kill PID#' to kill the corresponding process and free up the port. Although it could likely be something inside Metasploit, like a listener already running on that port, in which case (inside msf) jobs -K will end all the jobs, or jobs -k # for a specific job number. Also, from the first post it sounds like you're utilizing a command shell payload, which is okay, but you're going to gain much more efficiency and versatility through a Meterpreter session.
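Jamo's and leg3nd's replies both come down to the same diagnosis: "The address is already in use" is the OS refusing the handler's bind() because some socket, possibly one of Metasploit's own jobs, already owns that port. The script below is an added example (not code from the thread, not part of SET or Metasploit) that reproduces that exact condition offline: it holds a port open with a constructed listener, shows that a wildcard 0.0.0.0 bind on the same port fails with EADDRINUSE, picks an alternative LPORT, and confirms the port is free again once the holder is closed. Function names (port_is_free, first_free_port, demo) and the use of a loopback listener to stand in for a stale handler are the example's own assumptions.

```python
import errno
import socket
from contextlib import closing


def port_is_free(port, host="0.0.0.0"):
    """Return True if a TCP listener could bind host:port right now.

    This is the same bind() a reverse-shell handler performs; EADDRINUSE
    is the condition behind "Handler failed to bind to 0.0.0.0:1337".
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return False
            raise
        return True


def first_free_port(candidates, host="0.0.0.0"):
    """Return the first port in candidates that can be bound, or None."""
    for port in candidates:
        if port_is_free(port, host):
            return port
    return None


def demo():
    """Constructed scenario (assumption, not from the thread): a stale
    listener on 127.0.0.1 still holds a port while a new handler tries
    to bind 0.0.0.0 on that same port."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        # The wildcard address covers every interface, so 0.0.0.0:port
        # collides with the 127.0.0.1:port listener even though the two
        # addresses differ. This is the handler's failure mode.
        free_while_held = port_is_free(port, "0.0.0.0")
        # What "set a different LPORT" looks like when done by probing.
        alternative = first_free_port(range(port + 1, min(port + 100, 65536)))
    finally:
        holder.close()
    # A listener that never accepted a connection leaves no TIME_WAIT
    # entry behind, so the port is usable again as soon as it is closed.
    free_after_release = port_is_free(port, "0.0.0.0")
    return {
        "port": port,
        "free_while_held": free_while_held,
        "free_after_release": free_after_release,
        "alternative": alternative,
    }


if __name__ == "__main__":
    print(demo())
```

Two practical caveats that follow from the thread. First, a probe such as nc -l 1337 that succeeds is now itself holding the port, which is exactly what Jamo's own ps output shows (nc -l 1337 running); close it before starting the handler. Second, the bind check only tells you the port is taken, not by whom: to find the owner use netstat -antp (or ss -lntp on newer systems) for the PID, and inside msfconsole use jobs -l to see whether one of your own earlier handlers is the culprit before reaching for jobs -K.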
Trip Posted April 13, 2011
TuX, post what you did to get it working and what the initial problem was; then if someone searches for a similar issue they can use this post as a reference ;)

Mr-Protocol Posted April 13, 2011
SET is not a part of Metasploit; it's a tool that uses Metasploit for ease of use. Learn Metasploit before trying to use tools that use it. Google "Metasploit Unleashed".

TuX^ Posted April 13, 2011 (Author)
Trip, I used a different payload. Haven't had the time to work on it more yet. All I managed to do was get to a command prompt: create / delete users, privilege escalation and file manipulation. Thanks for all the help guys, TuX

Trip Posted April 14, 2011
Nice one dude, it just makes the forum a superb reference tool and very useful ;)

TuX^ Posted April 14, 2011 (Author)
@Trip, No bother. And thanks for all the help you've given me. TuX

digip Posted April 14, 2011
If you are attacking the machine hosting the VM from within the VM itself, that makes sense why you get the error, since obviously that port is in use due to the VM sharing the network with the host machine and vice versa. If it was against another machine on the network or another VM, it probably would have worked. If you get the chance, set up a second VM doing the same attack as you had originally tried, or get another real machine on the network to try attacking.