[help]metasploit\backtrack


Posted

Hi there. I saw some very experienced guys when we talk about pentesting. Maybe I am new here, and I came with a reason. I think I can find some help here, and I would like to solve my problem (I'm 3 days locked at home trying to solve this -.-), so let's begin.

I don't know what the hell is wrong with my BackTrack. As I see, everyone (except me) has a folder framework3 in /pentest/exploits/ (later I saw that /pentest/exploits/framework should be = /opt/framework/msf3 = the one above). My msf is up to date, v 4.2.0, but still all I've got are the folders framework and framework2. Nvm that, I tried exploiting non-updated Windows XP systems and this is what I've got so far -.-

THIS IS ON SP3

----using the payload windows/download_exec

[-] Exploit failed: No encoders encoded the buffer successfully.
[*] Exploit completed, but no session was created.

also on sp3

----using the payload bind_tcp

Automatically detecting the target...
Fingerprint: Windows XP - Service Pack 3
Selected Target: Windows XP SP3 (NX)
Attempting to trigger the vulnerability...
Exploit completed, but no session was created.

sux right?

Anyway now tried on sp2

----using the payload reverse_tcp

[*] Started reverse handler on 10.10.10.137:4444 
[-] Exploit exception: The connection timed out (10.10.10.139:445).
[*] Exploit completed, but no session was created.

Also tried with download_exec but forgot to copy the output; anyway, the last output stays the same ("Exploit completed, but no session was created").

I need help with this badly because I cannot keep pentesting anything else, everything seems screwed up <_<. Hope I get this done.

Posted

Seems like you didn't understand my topic, also the other 16 viewers so far. In the topic title I put BackTrack, so probably I'm using BackTrack, but anyway those systems I mentioned above are my victims and I am penetrating them.

Posted

Yeah I see that, sorry.

So you're running executables on a victim in hopes of getting a shell?

Are you trying this from over the internet or on the LAN? How are you delivering the payload (java, .pdf, .exe, web apps)...? What other variables are involved?

Is the victim a virtual machine? If you're executing from over the internet, what's your connection type (in my experience meterpreter doesn't like 3G)?

If you want help you'll have to be much more specific.

Posted

Nah, I'm running it from a virtual machine. My host is Win 7 with VirtualBox attached with these 3 systems. The payload should be delivered using the exploit, as far as I know.

Posted (edited)

1) Can I suggest you download the latest version of Backtrack if you haven't done so.

2) This error "Exploit completed, but no session was created." usually means the target you are trying to exploit is not exploitable, or not vulnerable to the exploit you are using.

3) Make sure your target machine does not have any patches installed. To determine this, go to Control Panel, "Add or Remove programs" and uninstall any MS KB update you see.

4) Don't always revert to the same exploit, try different exploits until you find one that works well.

5) Make sure there is no firewall or any security essentials installed.

6) If you are still having issues exploiting your target, download this vulnerable VM.

http://metasploit.com/help/test-lab.jsp

http://www.offensive-security.com/metasploit-unleashed/Metasploitable

Edited by Infiltrator
Posted

So here I come with the fix, damn. I used the VirtualBox host-only adapter and I thought the traffic would be only between host and guests (but no, the traffic goes through the router anyway), so I had to port forward on my router the port I am exploiting for the specified IP :D

Posted (edited)

Good work, it's good to learn how to do things yourself. It's a very rewarding experience.

Edited by Infiltrator
  • 1 month later...
Posted

Hi there,

Blk3, I need your help. I am facing a problem similar to yours....

I am using Backtrack 5 on VMware, with the network configuration set to Bridged. The Backtrack IP is 192.168.10.181.

My host OS is Windows XP SP3, IP 192.168.10.3.

Both machines can ping each other. Win XP is physically installed on my system and I am using Backtrack as the guest OS in VMware.

When I exploit the Windows remote code execution vulnerability, i.e. ms07_067_netapi, I face the following problem:

Automatically detecting the target...

Fingerprint: Windows XP - Service Pack 3

Selected Target: Windows XP SP3

Attempting to trigger the vulnerability...

Exploit completed, but no session was created.

I think my problem is the same as yours. Can you please tell me how to figure this out, as you have done this before?

Thanks in advance .........

  • 1 month later...
Posted

All I can say is make sure your VM is set up as bridged (I keep the 'Replicate physical network connection state' option checked), and use Windows XP Service Pack 2. Make sure you select a payload; the exploit may complete, but if there's no payload to upload once it completes you won't be able to get a session.

First try pinging your Windows XP machine. If you can't, you have some other network issue; it could be your VM settings, or your normal network settings. Once you're able to "see" the victim machine, try using metasploit again.

If you still have issues with metasploit after you can "see" your victim machine, post your complete inputs and outputs from start to end of what you're doing in metasploit, and I'll see if I can help.
