Exploits Metasploit IP address


squathub

Newbie here. Trying to exploit my IP address with the following commands:

set RHOST 192.168.56.1

set PAYLOAD windows/meterpreter/bind_tcp

exploit

 I get the following message:

192.168.56.1:45 Exploit failed [unreachable]: Rex: : Connection refused

 

I have pinged the address and all is fine. Can you explain this to me?

With the information given, not much can be said to help you.

What kind of device is it or what OS is running on it?

What exploit are you using and what versions does it work against?

What version is the service that is running on the remote host?

Is the service on the default port and if not have you designated the port that is being used by the remote device?

Edited by e-Euler

10 hours ago, squathub said:

exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi

set PAYLOAD windows/meterpreter/bind_tcp

I'm confused here. Are you attempting to use a Windows payload to exploit a MAC OS? Or are you implying that you're using MAC OS to exploit a Windows machine?


For your particular type of machine you may have to change the pipe from BROWSER to SRVSVC.

Also, if you use the -show info- command it will tell you that it may cause the service to fail on subsequent attempts. If you try it once and it doesn't work, be sure to restart the service on the Windows machine before you try again to make sure that the service hasn't crashed.

Edited by e-Euler
Your target is Windows.

If you launch a Mac exploit on a Windows machine it is 99.99% not going to work unless it is written in C and has the same exploit path as your general Windows machine. When launching from Metasploit, your payload and exploit are target oriented. The only reason you would consider your own operating system is if you are using Metasploit to stand up some services such as HTTP(S), SMTP, DNS, etc.


11 hours ago, squathub said:

I am using mac OS. The full programming routine can be seen below:

exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi

set PAYLOAD windows/meterpreter/bind_tcp

set RHOST 192.168.1.104

set RPORT 22

exploit

 

Here you are loading an exploit that essentially tears up a service to allow remote access.

Next you are setting a payload that will cause a connection to be established between you and the victim machine.

As far as the port goes, in your original post you were using port 45 and now have posted port 22 (SSH). If this is a fresh spin up of Windows your port should be 445.

Different services handle information differently. An exploit that is for one service will not be for another. Read the last part of the -show info-. It explains how the exploit works and you will gain a better understanding of how everything fits together.

 

Take the example of a buffer overflow exploit. If a service is available for an int (integer) and its address sits on memory location 100 and a buffer overflow is not checked for, we can write data to memory that will overwrite the existing data on the stack all the way back to address 10 with the command to jump to our payload address or make a call to our dormant payload that is not yet in memory.

 

A buffer overflow may exist for another service, but it will not have the same size of memory that needs to be overwritten and likely not the same data type of input. So the same exploit will not work for 2 services that have the same vulnerability.

 

This is broken down to a very elementary level for easy understanding of the concept. If you would like to learn more about stuff like this I would suggest the book Hacking: The Art of Exploitation.

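The point made in the post above, as an added C example that is not part of the original thread: the same input overruns one service's buffer and fits inside another's, and a bounds check sized to each buffer closes the hole. The two services, their buffer sizes, the function names and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes for two hypothetical services; not from the thread. */
#define SVC_A_BUF 16
#define SVC_B_BUF 64

/* 40 bytes of constructed sample input. */
static const char SAMPLE_INPUT[] =
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA";

/* Unchecked pattern, shown for contrast and never called here: strcpy copies
 * until the NUL byte, so input longer than the buffer lands on whatever sits
 * next to it on the stack. */
void unchecked_store(char *dst, const char *input) {
    strcpy(dst, input);
}

/* Bytes an unchecked copy would write past a buffer of dst_size. */
size_t overrun_bytes(size_t dst_size, const char *input) {
    size_t need = strlen(input) + 1;            /* data plus terminator */
    return need > dst_size ? need - dst_size : 0;
}

/* Hardened pattern: reject anything that does not fit, terminator included. */
int bounded_store(char *dst, size_t dst_size, const char *input) {
    size_t len = strlen(input);
    if (len >= dst_size)
        return -1;
    memcpy(dst, input, len + 1);
    return (int)len;
}

int service_a_handle(const char *input) {
    char field[SVC_A_BUF];
    return bounded_store(field, sizeof field, input);
}

int service_b_handle(const char *input) {
    char field[SVC_B_BUF];
    return bounded_store(field, sizeof field, input);
}

int main(void) {
    printf("A: overrun=%zu handled=%d\n",
           overrun_bytes(SVC_A_BUF, SAMPLE_INPUT), service_a_handle(SAMPLE_INPUT));
    printf("B: overrun=%zu handled=%d\n",
           overrun_bytes(SVC_B_BUF, SAMPLE_INPUT), service_b_handle(SAMPLE_INPUT));
    return 0;
}
```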

  • 3 weeks later...

Exploit needs to be aimed at a machine that has that particular exploitable vulnerability. Specific version of software running specific architecture.
Payload is operating system specific. Types of payloads go with certain exploits.

There are some intentionally vulnerable distros like Metasploitable. You can run them in a virtual machine and try to hack them. This is a fun way to learn hacking. There are some videos on Adrian Crenshaw's channel https://www.youtube.com/user/irongeek

Mubix's Metasploit Minute might be a good start. Also it wouldn't hurt to watch all of the Hak5 videos.

Pretty much if you just look up exploitation, post-exploitation, encoders, payloads, payload generation, msfvenom, msfconsole, Metasploit, Armitage.

It might be a good strategy to look up the exploit you want to use. You can find a video tutorial on YouTube, or a written tutorial usually using Google. Syntax or commands might be off so you might have to look through a bunch of tutorials and find the parts that work and put them together. You can find usage for every exploit on the Rapid7 website. So if you look up ms08_067 Rapid7 Metasploit or something like that you will find the official documentation on that Metasploit module.

Metasploit The Penetration Tester's Guide

I'm not sure if there is a current edition. The older edition shows syntax for msfencode and msfpayload which were later combined into msfvenom. But conceptually the book will give you what you need.

I recommend reading pretty much all of the books from No Starch Press.

Best of luck.
