Metasploit.

Viewing 5 reply threads
  • Author
    Posts
    • #6335
      H4TT1fn4TT
      Participant

      I need some help here. I am trying to use one of the exploits that comes with Metasploit to see if I can re-create an event that happened.

      I am running Backtrack4 R2 in Oracle VM and have osCommerce set up on my main machine using the WAMP package.

      The version of osCommerce is osCommerce 2.2-MS2.

      No matter what I try I can not seem to be able to exploit my machine. As a payload I am using generic/shell_reverse_tcp.

      This is the Metasploit page on the exploit: http://www.metasploit.com/modules/exploit/unix/webapp/oscommerce_filemanager.

      I have set all the options and tried both IP addresses as VHOST as I thought that might be the problem but it was not.

      The Virtual Box is set to bridged networking.

      Any help on this one would be welcome.

    • #39568
      Anonymous
      Participant

      Do you get any errors? The only thing I can think of is as your using bridged networking it would have the same IP address maybe it does not like it.

      as your RHOSt and VHOST would be the same but I am not expert on Metasploit

    • #39569
      H4TT1fn4TT
      Participant

      I was thinking that. Thought I would try it using a free hosting account but try finding one these day’s with register_globals and register_array_long both enabled in php.ini…

    • #39570
      AndyB67
      Participant

      I had a similar problem with another app and ended up sticking a 2nd network card in and buying VM Workstation so I could tie the VM’s down to a specific card

    • #39571
      lorddicranius
      Participant

      Are you able to pass traffic between the two machines prior to attempting to exploit it?  If you are, that’ll tell you that it’s not an interface/routing issue, but something with the exploit itself.

    • #39572
      caissyd
      Participant

      Have you tried using a sniffer? Analyzing traffic always helped me find the solution…

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?