Ryu Shikata Posted November 17, 2012 Share Posted November 17, 2012 Well my problem is that everytime i try to run some kind of attack using java applet or rhino it says: [*] Started reverse handler on 10.128.112.24:4444 msf exploit(java_rhino) > [-] Exploit failed: Rex::AddressInUse The address is already in use (username.zapto.org:443) i checked to see if something else was running on those ports and nothing was. I also tried to run this exploit after rebooting and still that error. I am running ubuntu 12.04 and have tested on backtrack 5 r3 as well on VMWare. I have the same problem with or without a VPN. I tested several different port fowarded ports and still nothing. Quote Link to comment Share on other sites More sharing options...
digip Posted November 17, 2012 Share Posted November 17, 2012 Can you run a netstat and lsof to see what connections are using the port and what program is either already listening on them or using that port? I do recall something about the java applet attack being patched against, so its possible that might be why its failing, but I would thing that would be an error of some other kind after the fact you launch and it would just return no session if not exploitable. If doing it on bt5 in vmware, set the nic to bridged, and on your router, put the VM's IP in a DMZ so no need to port forward. Just make sure you change the default passwords for root from root/toor and the workstation hostname from bt or backtrack to something else, or someone could hack you back with default credentials and login into the bt host remotely if they saw it and knew the default logins are root/toor. Quote Link to comment Share on other sites More sharing options...
Ryu Shikata Posted November 17, 2012 Author Share Posted November 17, 2012 I can run the exploit within my LAN but outside my network i am testing it on a separate machine of mine and it says AddressInUse. http://paste.ubuntu.com/1365998/ -lsof http://paste.ubuntu.com/1365887/ -netstat -ab on my windows 7 OS Quote Link to comment Share on other sites More sharing options...
digip Posted November 17, 2012 Share Posted November 17, 2012 (edited) You can run netstat in linux as well, but it might not be installed by default depending on the distro. Anyway, I don't remember the exact command but there are switches with lsof that show the sockets and ports each program is using, which should show port 4444 on one of them, or even a netstat in linux if you have it installed, will do same thing like the windows output and show the ports. Read the help files, I don't have it in front of me, but there are switches for both netstat and lsof for linux to show the program using the ports and sockets and program associated with the connections. By the way, what OS is the one doing the attack, windows or linux? Because its possible the firewall on the attacking box might also be blocking it from creating the listener. Its also possible the DynDNS service you are using, is blocking or redirecting all traffic to port 443. Not sure, but try using something other than the DynDNS service(or if thats what you are attacking, they may be filtering the attack) Edited November 17, 2012 by digip Quote Link to comment Share on other sites More sharing options...
Ryu Shikata Posted November 17, 2012 Author Share Posted November 17, 2012 Ultimate Edition 3.4(Ubuntu 12.04) is the attacker in VMware. I have disabled the firewall. I entered in my own IP (with ports forwarded) and no-ip not DynDNS I don't think that is the problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.