Backtrack4 And Set Question


TuX^

Hi Guys,

I've got BackTrack 4 set up on a virtual machine. I'm trying to exploit my own Windows 7 box using the Social Engineering Toolkit.

Trying to do a Website Attack Vector, then a Java Applet Attack. Selected Web Templates, then Gmail. Then using a Windows Shell Reverse Payload. To avoid detection from Anti-Virus I'm using a backdoored executable. Port for the listener is 443.

Now, the Console says Command shell session 1 opened. Like it should, but what are the commands? Check or exploit don't work and I'm at a bit of a loss.

Feel free to come smack me upside the head if you think I'm being stupid, but I'm new.

Regards,

TuX

Now that you have the session established, you need to interact with the session.

This tutorial should get you started.

http://blog.metasploit.com/2010/03/latest-adobe-exploit-and-session.html

Thanks, Infiltrator!

I get the following error when I try to run exploit -z: Exploit exception: The address is already in use (0.0.0.0:4444).

Have I got LHOST and RHOST the wrong way round or something?

Thanks,

TuX

Just tried again, got:

Handler failed to bind to [My IP]

Handler failed to bind to 0.0.0.0:1337, exploit exception: The address is already in use (0.0.0.0:1337)

Any ideas? Have I done RHOST or LHOST wrong or something? I have no idea, and there seems to be a lack of documentation.

Regards,

TuX

Edited by TuX^
I guess that you have something running on that port, as the error message says. You can set a different LPORT.

You can check whether there is something running on that port using netcat:

nc -l 1337

It tries to listen on port 1337. If it gives you an error message, you know that you have something running on that port.

Or run ps aux | grep <port>:

root@bt:/pentest/exploits/SET# ps aux | grep 1337
root      6866  0.0  0.0   1808   452 pts/1    S+   15:31   0:00 nc -l 1337
root      6868  0.0  0.0   2056   516 pts/2    S+   15:31   0:00 grep 1337

Don't use 0.0.0.0; use the actual IP of the target for RHOST and the IP of your machine for LHOST. If you still get the error, something else is using that port for communications.

If all else fails, try the Armitage GUI and let it set all the IPs and ports for you. Use the same attacks you used previously.

The other thought is that windows is blocking the attack from working.

Thanks Digip, I wasn't using that IP as the RHOST, I was using the IP of the machine I'm trying to attack. And as far as I can see there is nothing else running on that port; like I said, I tried a couple of other ports as well.

Regards,

TuX

Why are you using port 1337?

Try using the default ports to begin with, and the real IP.

Also, if you're running in a virtual environment, have you set up your network bridge correctly?

Edited by Trip
Guest leg3nd

I don't think 0.0.0.0 would cause the issue, but the real IPv4 address eliminates that variable. If you run (from *nix) 'netstat -antp' you can locate the process using the designated port. Use 'kill PID#' to kill the corresponding process and free up the port.

Although it could likely be something inside Metasploit, like a listener already running on that port, in which case (inside msf) jobs -K will end all the jobs, or jobs -k # for a specific number.

Also, from the first post it sounds like you're utilizing a command shell payload, which is okay, but you're going to gain much more efficiency and versatility through a Meterpreter session.

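The "address is already in use" error in the thread is the bind() of the handler's listening socket failing with EADDRINUSE, and both the nc -l check and the netstat -antp / kill advice above are ways of finding out who already holds the port. The following is an added example, not code from the thread or from Metasploit/SET: it reproduces the collision by holding a listener on a kernel-chosen port and then tries to bind the same port a second time, and it walks a list of candidate LPORTs (the 443 / 4444 / 1337 values from the posts are used only as sample input) to find one that is actually free. Function names and the candidate list are this example's own assumptions.

```python
import errno
import socket

# Sample LPORT candidates taken from the thread's posts (constructed input).
CANDIDATE_PORTS = [443, 4444, 1337]


def port_is_free(port, host="0.0.0.0"):
    """Return True if a TCP listener could bind host:port right now.

    A reverse handler does exactly this bind; the Metasploit message
    "The address is already in use (0.0.0.0:PORT)" is errno EADDRINUSE
    from this call. SO_REUSEADDR is deliberately not set, so the check is
    as strict as a freshly started handler would be.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return False
            raise  # EACCES on a privileged port etc. is a different problem
        return True


def pick_listener_port(candidates, host="0.0.0.0"):
    """Return the first candidate port that is free, or None if all are taken."""
    for port in candidates:
        if port_is_free(port, host):
            return port
    return None


def demo_collision():
    """Hold a listener (like a forgotten nc -l or msf job) and show the effect.

    Returns (held_port, free_while_held, pick_while_held, free_after_close).
    Port 0 asks the kernel for any free port, so the demo never collides
    with something real on the machine.
    """
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind(("0.0.0.0", 0))
    holder.listen(1)
    port = holder.getsockname()[1]
    try:
        free_while_held = port_is_free(port)          # False: EADDRINUSE
        pick_while_held = pick_listener_port([port])  # None: nothing free
    finally:
        holder.close()  # the "kill PID" / "jobs -k" step from the thread
    return port, free_while_held, pick_while_held, port_is_free(port)


if __name__ == "__main__":
    held, busy, picked, freed = demo_collision()
    print(f"port {held}: free while held={busy}, pick={picked}, free after close={freed}")
    print("first free candidate:", pick_listener_port(CANDIDATE_PORTS))
```

The probe binds on 0.0.0.0, which on Linux collides with a listener bound to any single address on that port, so it also catches the case where the other process is bound to 127.0.0.1 only. Note the check is a snapshot: another process can grab the port between the probe closing and the real handler binding, so a handler should still treat its own bind failure as authoritative. Binding ports below 1024 (443 here) needs root, which is why the example re-raises anything other than EADDRINUSE rather than reporting a permission error as "in use".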
Trip, I used a different payload. Haven't had the time to work on it more yet. All I managed to do was get to a command prompt: create/delete users, privilege escalation and file manipulation. Thanks for all the help guys,

TuX

If you are attacking the machine hosting the VM from within the VM itself, that explains why you get the error, since obviously that port is in use due to the VM sharing the network with the host machine and vice versa. If it were against another machine on the network or another VM, it probably would have worked. If you get the chance, set up a second VM and run the same attack as you had originally tried, or get another real machine on the network to try attacking.
