Hak5 Forums
squathub

Exploits Metasploit IP address


Newbie here. Trying to exploit my IP address with the following commands:

set RHOST 192.168.56.1

set PAYLOAD windows/meterpreter/bind_tcp

exploit

I get the following message:

192.168.56.1:45 Exploit failed [unreachable]: Rex::ConnectionRefused

I have pinged the address and all is fine. Can you explain this to me?


Did you generate a meterpreter_bind_tcp.exe?

If you did, post the command you used.


With the information given, not much can be said to help you.

What kind of device is it or what OS is running on it?

What exploit are you using and what versions does it work against?

What version is the service that is running on the remote host?

Is the service on the default port, and if not, have you designated the port that is being used by the remote device?

Edited by e-Euler


I am using macOS. The full programming routine can be seen below:

exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi

set PAYLOAD windows/meterpreter/bind_tcp

set RHOST 192.168.1.104

set RPORT 22

exploit

10 hours ago, squathub said:

exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi

set PAYLOAD windows/meterpreter/bind_tcp

I'm confused here. Are you attempting to use a Windows payload to exploit a Mac OS? Or are you implying that you're using Mac OS to exploit a Windows machine?


I was just following a basic program on YouTube. I guess being a newbie I got confused. How do you get the meterpreter on the Mac?


For your particular type of machine you may have to change the pipe from BROWSER to SRVSVC.

Also, if you use the -show info- command, it will tell you that it may cause the service to fail on subsequent attempts. If you try it once and it doesn't work, be sure to restart the service on the Windows machine before you try again, to make sure that the service hasn't crashed.

Edited by e-Euler


Your target is Windows.

If you launch a Mac exploit on a Windows machine it is 99.99% not going to work, unless it is written in C and has the same exploit path as your general Windows machine. When launching from Metasploit your payload and exploit are target oriented. The only reason you would consider your own operating system is if you are using Metasploit to stand up some services such as HTTP(S), SMTP, DNS, etc.

11 hours ago, squathub said:

I am using macOS. The full programming routine can be seen below:

exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi

set PAYLOAD windows/meterpreter/bind_tcp

set RHOST 192.168.1.104

set RPORT 22

exploit

Here you are loading an exploit that essentially tears up a service to allow remote access.

Next you are setting a payload that will cause a connection to be established between you and the victim machine.

As far as the port goes, in your original post you were using port 45 and now have posted port 22 (SSH). If this is a fresh spin-up of Windows your port should be 445.


I got an error using port 445, so I thought I would try to access it using my open port 22.


Different services handle information differently. An exploit that is for one service will not be for another. Read the last part of the -show info- output. It explains how the exploit works and you will gain a better understanding of how everything fits together.

In the example of a buffer overflow exploit: if a service is available for an int (integer) and its address sits on memory location 100, and a buffer overflow is not checked for, we can write data to memory that will overwrite the existing data on the stack all the way back to address 10 with the command to jump to our payload address, or make a call to our dormant payload that is not yet in memory.

A buffer overflow may exist for another service, but it will not have the same size of memory that needs to be overwritten, and likely not the same data type of input. So the same exploit will not work for two services that have the same vulnerability.

This is broken down to a very elementary level for easy understanding of the concept. If you would like to learn more about stuff like this, I would suggest the book Hacking: The Art of Exploitation.


I hope this helps you further your capabilities. Feel free to PM me if you need anything.


An exploit needs to be aimed at a machine that has that particular exploitable vulnerability: a specific version of software running on a specific architecture.
A payload is operating system specific. Types of payloads go with certain exploits.

There are some intentionally vulnerable distros like Metasploitable. You can run them in a virtual machine and try to hack them. This is a fun way to learn hacking. There are some videos on Adrian Crenshaw's channel https://www.youtube.com/user/irongeek

Mubix's Metasploit Minute might be a good start. Also, it wouldn't hurt to watch all of the Hak5 videos.

Pretty much, just look up exploitation, post-exploitation, encoders, payloads, payload generation, msfvenom, msfconsole, metasploit, armitage.

It might be a good strategy to look up the exploit you want to use. You can find a video tutorial on YouTube, or a written tutorial, usually using Google. Syntax or commands might be off, so you might have to look through a bunch of tutorials, find the parts that work and put them together. You can find usage for every exploit on the Rapid7 website. So if you look up "ms08_067 Rapid7 Metasploit" or something like that, you will find the official documentation on that Metasploit module.

Metasploit The Penetration Tester's Guide

I'm not sure if there is a current edition. The older edition shows syntax for msfencode and msfpayload which were later combined into msfvenom. But conceptually the book will give you what you need.

I recommend reading pretty much all of the books from No Starch Press.

Best of luck.

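The two mistakes the replies above keep coming back to (a payload whose platform does not match the exploit, and an RPORT that is not the port of the service the exploit targets) can be caught before typing `exploit`. The following pre-flight checker is an added example written for this thread, not code from Metasploit or from anyone in the thread; it parses the msfconsole lines squathub posted and flags those mismatches. The `EXPLOIT_SERVICE` table is an assumption that lists only the module used here.

```python
import re

# Constructed sample: the msfconsole commands posted in the thread
# (the 'exploit(...) >' prompt on the first line is stripped by the parser).
SESSION = """
exploit(windows/smb/ms08_067_netapi) > use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/bind_tcp
set RHOST 192.168.1.104
set RPORT 22
exploit
"""

# Assumed lookup table: the service each known exploit module targets and that
# service's default port. Only the module from the thread is listed here.
EXPLOIT_SERVICE = {
    "exploit/windows/smb/ms08_067_netapi": ("smb", 445),
}

def parse_session(text):
    """Return (exploit module, {OPTION: value}) from an msfconsole transcript."""
    module, settings = None, {}
    for raw in text.strip().splitlines():
        line = re.sub(r"^.*?>\s*", "", raw.strip())  # drop any '... >' prompt prefix
        parts = line.split()
        if len(parts) == 2 and parts[0] == "use":
            module = parts[1]
        elif len(parts) == 3 and parts[0] == "set":
            settings[parts[1].upper()] = parts[2]
    return module, settings

def check_session(text):
    """List the mismatches a reviewer would flag before running the module."""
    module, settings = parse_session(text)
    if module is None:
        return ["no 'use <module>' line found"]
    problems = []
    exploit_platform = module.split("/")[1]          # 'exploit/windows/...' -> 'windows'
    payload = settings.get("PAYLOAD", "")
    if payload and payload.split("/")[0] != exploit_platform:
        problems.append(f"payload {payload} is not a {exploit_platform} payload")
    service, default_port = EXPLOIT_SERVICE.get(module, (None, None))
    rport = settings.get("RPORT")
    if service and rport and int(rport) != default_port:
        problems.append(f"{module} targets {service} (port {default_port}), but RPORT is {rport}")
    if "RHOST" not in settings and "RHOSTS" not in settings:
        problems.append("RHOST(S) not set")
    return problems

if __name__ == "__main__":
    for problem in check_session(SESSION):
        print("WARNING:", problem)
```

Running it against the posted session reports only the port problem (22 instead of 445); the Windows payload already matches the Windows exploit.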