squathub Posted August 12, 2018

Newbie here. Trying to exploit my IP address with the following commands:

    set RHOST 192.168.56.1
    set PAYLOAD windows/meterpreter/bind_tcp
    exploit

I get the following message:

    192.168.56.1:45 Exploit failed [unreachable]: Rex: : Connection refused

I have pinged the address and all is fine. Can you explain this to me?
i8igmac Posted August 12, 2018

Did you generate a meterpreter_bind_tcp.exe? If you did, post the command you used.
squathub (Author) Posted August 13, 2018

No, I did not generate the meterpreter_bind_tcp.exe. How to do?
e-Euler Posted August 13, 2018

With the information given not much can be said to help you. What kind of device is it, or what OS is running on it? What exploit are you using and what versions does it work against? What version is the service that is running on the remote host? Is the service on the default port, and if not, have you designated the port that is being used by the remote device?

Edited August 13, 2018 by e-Euler
squathub (Author) Posted August 14, 2018

I am using mac OS. The full programming routine can be seen below:

    exploit(windows/smb/ms08_067_netapi) >
    use exploit/windows/smb/ms08_067_netapi
    set PAYLOAD windows/meterpreter/bind_tcp
    set RHOST 192.168.1.104
    set RPORT 22
    exploit
theUNK0WN Posted August 14, 2018

10 hours ago, squathub said:

    exploit(windows/smb/ms08_067_netapi) >
    use exploit/windows/smb/ms08_067_netapi
    set PAYLOAD windows/meterpreter/bind_tcp

I'm confused here. Are you attempting to use a Windows payload to exploit a MAC OS? Or are you implying that you're using MAC OS to exploit a Windows machine?
squathub (Author) Posted August 14, 2018

I was just following a basic program on YouTube. I guess being a newbie I got confused. How do you get the meterpreter on the Mac?
e-Euler Posted August 14, 2018

For your particular type of machine you may have to change the pipe from BROWSER to SRVSVC. Also, if you use the -show info- command it will tell you that it may cause the service to fail on subsequent attempts. If you try it once and it doesn't work, be sure to restart the service on the Windows machine before you try again to make sure that the service hasn't crashed.

Edited August 14, 2018 by e-Euler
e-Euler Posted August 14, 2018

Here is a web page about pipes https://docs.microsoft.com/en-us/windows/desktop/ipc/pipes and how what??
e-Euler Posted August 14, 2018

Your target is Windows. If you launch a Mac exploit on a Windows machine it is 99.99% not going to work unless it is written in C and has the same exploit path as your general Windows machine. When launching from Metasploit your payload and exploit are target oriented. The only reason you would consider your own operating system is if you are using Metasploit to stand up some services such as http(s), smtp, DNS etc.
e-Euler Posted August 14, 2018

11 hours ago, squathub said:

    I am using mac OS. The full programming routine can be seen below:

    exploit(windows/smb/ms08_067_netapi) >
    use exploit/windows/smb/ms08_067_netapi
    set PAYLOAD windows/meterpreter/bind_tcp
    set RHOST 192.168.1.104
    set RPORT 22
    exploit

Here you are loading an exploit that essentially tears up a service to allow remote access. Next you are setting a payload that will cause a connection to be established between you and the victim machine. As far as the port goes, in your original post you were using port 45 and now have posted port 22 (ssh). If this is a fresh spin up of Windows your port should be 445.
squathub (Author) Posted August 14, 2018

I got an error using port 445, so I thought I would try to access it using my open port 22.
e-Euler Posted August 14, 2018

Different services handle information differently. An exploit that is for one service will not be for another. Read the last part of the -show info-. It explains how the exploit works and you will gain a better understanding of how everything fits together.

In the example of a buffer overflow exploit: if a service is available for an int (integer) and its address sits on memory location 100 and a buffer overflow is not checked for, we can write data to memory that will overwrite the existing data on the stack all the way back to address 10 with the command to jump to our payload address or make a call to our dormant payload that is not yet in memory. A buffer overflow may exist for another service, but it will not have the same size of memory that needs to be overwritten and likely not the same data type of input, so the same exploit will not work for 2 services that have the same vulnerability.

This is broken down to a very elementary level for easy understanding of the concept. If you would like to learn more about stuff like this I would suggest the book Hacking: The Art of Exploitation.
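An added illustration of the point in the post above, that the same overflowing input does not carry over between two services, next to the length check that stops it (example code, not from the thread). The two "services", their 16- and 32-byte buffers, the `RETN` marker and the frame layout are constructed for the demonstration; the frame is modelled as a byte array so the overwrite is well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: an input buffer followed directly by a
 * saved-return slot, held in one byte array so the overwrite is well-defined. */
#define FRAME_MAX 64
#define RET_SIZE  4
struct frame {
    unsigned char mem[FRAME_MAX];
    size_t buf_size;                      /* bytes reserved for input */
};

/* Assumes buf_size + RET_SIZE <= FRAME_MAX. */
static void frame_init(struct frame *f, size_t buf_size) {
    memset(f->mem, 0, sizeof f->mem);
    f->buf_size = buf_size;
    memcpy(f->mem + buf_size, "RETN", RET_SIZE);   /* saved-return slot */
}

/* The bug: trusts the caller's length (capped only at the model's size). */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n) {
    memcpy(f->mem, in, n > FRAME_MAX ? FRAME_MAX : n);
}

/* The fix: rejects input longer than the buffer before copying. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > f->buf_size) return -1;
    memcpy(f->mem, in, n);
    return 0;
}

/* Sends the same n-byte input to a service whose buffer is buf_size bytes;
 * returns 1 if that service's saved-return slot survives. */
static int survives(size_t buf_size, size_t n, int checked) {
    unsigned char in[FRAME_MAX];
    struct frame f;
    memset(in, 'A', sizeof in);
    frame_init(&f, buf_size);
    if (checked) (void)copy_checked(&f, in, n);
    else copy_unchecked(&f, in, n);
    return memcmp(f.mem + buf_size, "RETN", RET_SIZE) == 0;  /* slot intact? */
}

int main(void) {
    printf("A (16-byte buffer), unchecked: %d\n", survives(16, 20, 0));
    printf("B (32-byte buffer), unchecked: %d\n", survives(32, 20, 0));
    printf("A (16-byte buffer), checked:   %d\n", survives(16, 20, 1));
    return 0;
}
```

The same 20-byte input corrupts the slot behind the 16-byte buffer but leaves the 32-byte service untouched, and the checked copy rejects it outright.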
e-Euler Posted August 14, 2018

I hope this helps you further your capabilities. Feel free to pm me if you need anything.
vailixi Posted September 2, 2018

Exploit needs to be aimed at a machine that has that particular exploitable vulnerability. Specific version of software running specific architecture. Payload is operating system specific. Types of payloads go with certain exploits.

There are some intentionally vulnerable distros like metasploitable. You can run them in a virtual machine and try to hack them. This is a fun way to learn hacking.

There are some videos on Adrian Crenshaw's channel https://www.youtube.com/user/irongeek

Mubix's Metasploit Minute might be a good start. Also it wouldn't hurt to watch all of the Hak5 videos. Pretty much if you just look up exploitation, post-exploitation, encoders, payloads, payload generation, msfvenom, msfconsole, metasploit, armitage.

It might be a good strategy to look up the exploit you want to use. You can find a video tutorial on YouTube, or a written tutorial usually using Google. Syntax or commands might be off, so you might have to look through a bunch of tutorials and find the parts that work and put them together.

You can find usage for every exploit on the Rapid7 website. So if you look up ms08_067 Rapid7 Metasploit or something like that you will find the official documentation on that Metasploit module.

Metasploit: The Penetration Tester's Guide. I'm not sure if there is a current edition. The older edition shows syntax for msfencode and msfpayload, which were later combined into msfvenom. But conceptually the book will give you what you need. I recommend reading pretty much all of the books from No Starch Press.

Best of luck.