This topic contains 17 replies, has 4 voices, and was last updated by 
-
Posts
-
Hello
When i run social engineering tool kit i get this error :Something is running on port 80. Seeing if it’s a stale SET process.
i used Java Applet Attack Method-Site – site cloner. i restarted SET & still the problem persists,please suggest me how to solve this ?Thank you
set:payloads> PORT of the listener [443]:
[*] Done, moving the payload into the action.
[-] Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload…
[*] Stager turned off, prepping direct download payload…
[*] Please note that the SETSHELL and RATTE are not compatible with the powershell injection technique. Disabling the powershell attack.
[!] ERROR:Something is running on port 80. Seeing if it’s a stale SET process…
[!] If you want to use Apache, edit the config/set_config
[!] Exit whatever is listening and restart SET -
If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.
netstat -antp will tell you what the problem is.
-
@cd1zz wrote:
If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.
netstat -antp will tell you what the problem is.
I’m using backtrack 5r2, a netstat -antp reveals me this,
root@bt:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1127/apache2
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 786/postgres
tcp6 0 0 ::1:5432 :::* LISTEN 786/postgres
-
@skorpinok wrote:
@cd1zz wrote:
If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.
netstat -antp will tell you what the problem is.
I’m using backtrack 5r2, a netstat -antp reveals me this,
root@bt:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1127/apache2
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 786/postgres
tcp6 0 0 ::1:5432 :::* LISTEN 786/postgres
Apache is running, I highlighted in bold, that’s why SET doesn’t load.
Try stopping Apache and see if that helps: “apache2 stop” or “/etc/init.d/apache2 stop” -
Or, just configure SET to use apache in set_config:
# USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
# THE ATTACK VECTOR
APACHE_SERVER=ON -
@cd1zz wrote:
Or, just configure SET to use apache in set_config:
# USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
# THE ATTACK VECTOR
APACHE_SERVER=ONThanks now it works without any problem, did exactly as you said, however , in the mean while iam faced with another problem, metasploit wont load in SET (waited for minutes )when i use java applet attack method,any idea what could be causing this ?
info…
–] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
Apache web server is currently in use for performance.[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener…
[-] This may take a few to load MSF…Press [return] when finished.
Thank you
-
I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.
-
@cd1zz wrote:
I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.
Well in set_config previously was default /pentest/exploits/framework3, which i later changed to cd /opt/metasploit/msf3/ after this still same problem, then i located msfconsole through terminal
root@bt:~# locate msfconsole
/opt/metasploit/app/msfconsole
/opt/metasploit/apps/pro/msf3/msfconsole
/opt/metasploit/apps/pro/msf3/test/functional/framework/msfconsole_spec.rb
/opt/metasploit/msf3/msfconsole
/opt/metasploit/msf3/.svn/prop-base/msfconsole.svn-base
/opt/metasploit/msf3/.svn/text-base/msfconsole.svn-base
/opt/metasploit/msf3/documentation/msfconsole_rc_ruby_example.rc
/opt/metasploit/msf3/documentation/.svn/text-base/msfconsole_rc_ruby_example.rc.svn-base
/opt/metasploit/msf3/external/source/armitage/resources/msfconsole.style
/opt/metasploit/msf3/external/source/armitage/resources/.svn/text-base/msfconsole.style.svn-base
/opt/metasploit/msf3/test/functional/framework/msfconsole_spec.rb
/opt/metasploit/msf3/test/functional/framework/.svn/text-base/msfconsole_spec.rb.svn-base
/pentest/exploits/framework2/msfconsole
/pentest/exploits/framework2/docs/QUICKSTART.msfconsole
/usr/local/bin/msfconsole
/usr/share/applications/backtrack-metasploit-msfconsole.desktopthen once again i configure in SET DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH= /pentest/exploits/framework2/msfconsole.still not working anymore, where could be the problem, i use Backtrack 5R2, metasploit v4.4.0-dev. any ideas ?
-
Dont point it to the msfconsole binary, point it to the path. It should be
/pentest/exploits/framework3
-
@cd1zz wrote:
Dont point it to the msfconsole binary, point it to the path. It should be
/pentest/exploits/framework3
ok i changed it to
/pentest/exploits/framework3its same thing again msf just wont load at all..
here is the brief info.. i go to …
Website Attack Vectors -> Java Applet Attack Method–> Site Cloner
Are you using NAT/Port Forwarding [yes|no]: noIP address for the reverse connection:192.168.56.101 (backtrack ip)
[*] Cloning the website: http://www.gmail.com
[*] This could take a little bit…
[*] Injecting Java Applet attack into the newly cloned website.
[*] Filename obfuscation complete. Payload name is: 84hPykFDDtYIJKx
[*] Malicious java applet website prepped for deploymentWhat payload do you want to generate: Windows Reverse_TCP Meterpreter
Payload : Backdoored Executable (BEST)
set:payloads> PORT of the listener [443] ( i press enter default)
[*] Generating x64-based powershell injection code…
[*] Generating x86-based powershell injection code…
[*] Finished generating shellcode powershell injection attack and is encoded to bypass execution restriction policys…
[-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds…
[*] Backdoor completed successfully. Payload is now hidden within a legit executable.
[*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
[-] Packing the executable and obfuscating PE file randomly, one moment.
[*] Digital Signature Stealing is ON, hijacking a legit digital certificate
[*] Generating OSX payloads through Metasploit…
[*] Generating Linux payloads through Metasploit…
[*] Apache appears to be running, moving files into Apache’s home***************************************************
Web Server Launched. Welcome to the SET Web Attack.
***************************************************Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
Apache web server is currently in use for performance.[*] Moving payload into cloned website.
[*] The site has been moved. SET Web Server is now listening..
[-] Launching MSF Listener…
[-] This may take a few to load MSF… -
How long are you waiting?
Does metasploit start separately, on it’s own?
-
It should be /pentest/exploits/framework (they dropped the 3) or
/opt/metasploit/msf3 -
Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.
-
@cd1zz wrote:
Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.
sorry bro.. i did what mr. razor told tried each one of them /pentest/exploits/framework & /opt/metasploit/msf3, its out of luck, its same again, updated metasploit & SET too before this. well i’ll try to reinstall Backtrack 5R2 O.S… guess this would work..
here is the brief info regarding my set_config..
DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
METASPLOIT_PATH= /opt/metasploit/msf3METASPLOIT_DATABASE=postgresql
HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLO
ENCOUNT=4
AUTO_MIGRATE=OFF
BACKDOOR_EXECUTION=ON
METASPLOIT_IFRAME_PORT=8080
DSNIFF=OFF
AUTO_DETECT=OFF
SENDMAIL=ON
EMAIL_PROVIDER=GMAIL
WEBATTACK_EMAIL=ON
APACHE_SERVER=ON
SELF_SIGNED_APPLET=ON
WEBATTACK_SSL=OFF
OSX_REVERSE_PORT=8080
AUTOMATIC_LISTENER=ON
SET_SHELL_STAGER=OFF
METASPLOIT_MODE=ON -
I would just grab a fresh copy of both and start there.
-
-
sledgehammer!
-
Yeah, something is definitely going bonkers…you can always do an apt-get remove set –purge and then apt-get install set and set-update…you can do the same to metasploit, but it may be more cantankerous.
You must be logged in to reply to this topic.
