Jump to content

Metasploit Meterpreter payload problem..

Dark Overlord

Recommended Posts

I am pretty new to Msfconsole and I decided to try to open a Meterpreter session on my own Windows 7 machine on my LAN. So I simply put a backdoored executable on a CD and ran it on the Windows 7 while running Metasploit from my Kali Linux machine. I connected and got "[*] Sending stage (769536 bytes) to" and I've waited about 30 minutes and still no meterpreter session opened so my first question is: Is this normal? Is the stage uploading supposed to take this long? Now what got really weird was after a while of waiting I got other IPs connecting to my computer even though I'm only running on my local network and I haven't put the executable on anything other than my target machine.

[*] Sending stage (769536 bytes) to [*] Sending stage (769536 bytes) to

Those are two of the six IPs that I got. I then went about finding the Geolocation of all the IPs that connected and they are all from some area in Asia. Which leaves me with my second question.. what the hell is going on? While this would usually be a jackpot to get a bunch of IPs connecting back to me it's confusing the hell out of me. Does anyone know what this could indicate? Am I somehow hijacking a fellow penetration testers victims? (that's more of a joke I doubt that's seriously the situation) Another possibility I thought of is that maybe my machine has been compromised by lots of machines and maybe they got curious and ran it on their own computer? Any ideas and/or solutions for either problem would be greatly appreciated. Thank you ahead of time.

Link to comment
Share on other sites

it is not uncommon to be scanned! It happens! Would be interested in seeing a tcodump! I wondr if maybe metasploit exploit handler has a zero day floating around

Apt-get install tcpick

Tcpick -yP -C "port 4444"

Your windows machine should not hang on the stage, something is wrong. I would try a reverse meterpreter with out the stager

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...