Error with java_signed_applet and Java_Rhino metasploit


Ryu Shikata

Well, my problem is that every time I try to run some kind of attack using java applet or rhino it says:

[*] Started reverse handler on 10.128.112.24:4444

msf exploit(java_rhino) > [-] Exploit failed: Rex::AddressInUse The address is already in use (username.zapto.org:443)

I checked to see if something else was running on those ports and nothing was. I also tried to run this exploit after rebooting and still got that error.

I am running Ubuntu 12.04 and have tested on BackTrack 5 R3 as well on VMware. I have the same problem with or without a VPN.

I tested several different port-forwarded ports and still nothing.

Can you run a netstat and lsof to see what connections are using the port and what program is either already listening on them or using that port? I do recall something about the java applet attack being patched against, so it's possible that might be why it's failing, but I would think that would be an error of some other kind after the fact you launch and it would just return no session if not exploitable. If doing it on bt5 in VMware, set the NIC to bridged, and on your router, put the VM's IP in a DMZ so no need to port forward. Just make sure you change the default passwords for root from root/toor and the workstation hostname from bt or backtrack to something else, or someone could hack you back with default credentials and log in to the bt host remotely if they saw it and knew the default logins are root/toor.

You can run netstat in Linux as well, but it might not be installed by default depending on the distro. Anyway, I don't remember the exact command, but there are switches with lsof that show the sockets and ports each program is using, which should show port 4444 on one of them, or even a netstat in Linux, if you have it installed, will do the same thing as the Windows output and show the ports. Read the help files, I don't have it in front of me, but there are switches for both netstat and lsof for Linux to show the program using the ports and sockets and the program associated with the connections.

By the way, what OS is the one doing the attack, Windows or Linux? Because it's possible the firewall on the attacking box might also be blocking it from creating the listener. It's also possible the DynDNS service you are using is blocking or redirecting all traffic to port 443. Not sure, but try using something other than the DynDNS service (or if that's what you are attacking, they may be filtering the attack).

Edited by digip
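The "which program holds this port" check suggested in the replies above, as an added example that is not part of the original thread. It parses the Linux `/proc/net/tcp` table format, so it works where netstat and lsof are not installed; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP sockets in LISTEN state on a given port by parsing
# the /proc/net/tcp table format.
# Where the tools are installed, the usual one-liners are (run as root to see
# the owning process of other users' sockets):
#   netstat -tlnp | grep ':4444 '
#   lsof -nP -iTCP:4444 -sTCP:LISTEN

# Constructed sample in /proc/net/tcp layout: a listener on 0.0.0.0:4444
# (0x115C), a listener on 127.0.0.1:443 (0x01BB), and one ESTABLISHED
# connection (state 01) whose local port is also 4444.
SAMPLE_TABLE='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:115C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 31337 1 0000000000000000 100 0 0 10 0
   1: 0100007F:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20202 1 0000000000000000 100 0 0 10 0
   2: 1870800A:115C 0500A8C0:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40404 1 0000000000000000 20 4 30 10 -1'

# hex_to_ip HEX8: the kernel prints IPv4 addresses as little-endian hex,
# so the byte pairs are emitted in reverse order.
hex_to_ip() (
  set -- $(printf '%s' "$1" | sed 's/../& /g')
  printf '%d.%d.%d.%d' "$((0x$4))" "$((0x$3))" "$((0x$2))" "$((0x$1))"
)

# listeners_on_port PORT: reads a /proc/net/tcp style table on stdin and
# prints "ip:port uid=<uid> inode=<inode>" for each listening socket on PORT.
listeners_on_port() (
  want=$1
  while read -r sl laddr raddr st queues timer retr uid tmo inode rest; do
    [ "$st" = "0A" ] || continue                      # 0A = LISTEN; skips header too
    [ "$((0x${laddr#*:}))" -eq "$want" ] || continue  # port is the hex after ':'
    printf '%s:%d uid=%s inode=%s\n' \
      "$(hex_to_ip "${laddr%%:*}")" "$want" "$uid" "$inode"
  done
)

# Demo on the constructed sample; on a live host use:
#   listeners_on_port 4444 < /proc/net/tcp
printf '%s\n' "$SAMPLE_TABLE" | listeners_on_port 4444
```

The inode printed for a listener identifies the owning process: it appears as `socket:[inode]` in one of that process's `/proc/<pid>/fd` links.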