SET Error on port 80

Viewing 17 reply threads
  • Author
    Posts
    • #7661
      skorpinok
      Participant

      Hello
                When i run social engineering tool kit i get this error  :Something is running on port 80. Seeing if it’s a stale SET process.
      i used Java Applet Attack Method-Site – site cloner. i restarted SET & still the problem persists,please suggest me how to solve this ?

      Thank you

      set:payloads> PORT of the listener [443]:
      [*] Done, moving the payload into the action.
      [-] Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload…
      [*] Stager turned off, prepping direct download payload…
      [*] Please note that the SETSHELL and RATTE are not compatible with the powershell injection technique. Disabling the powershell attack.
      [!] ERROR:Something is running on port 80. Seeing if it’s a stale SET process…
      [!] If you want to use Apache, edit the config/set_config
      [!] Exit whatever is listening and restart SET

    • #47792
      cd1zz
      Participant

      If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

      netstat -antp will tell you what the problem is.

    • #47793
      skorpinok
      Participant

      @cd1zz wrote:

      If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

      netstat -antp will tell you what the problem is.

      I’m using backtrack 5r2, a netstat -antp reveals me this,

      root@bt:~# netstat -antp

      Active Internet connections (servers and established)

      Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name

      tcp        0      0 0.0.0.0:80              0.0.0.0:*              LISTEN      1127/apache2   

      tcp        0      0 127.0.0.1:5432          0.0.0.0:*              LISTEN      786/postgres   

      tcp6      0      0 ::1:5432                :::*                    LISTEN      786/postgres   

    • #47794
      Data_Raid
      Participant

      @skorpinok wrote:

      @cd1zz wrote:

      If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

      netstat -antp will tell you what the problem is.

      I’m using backtrack 5r2, a netstat -antp reveals me this,

      root@bt:~# netstat -antp

      Active Internet connections (servers and established)

      Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

      tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1127/apache2    

      tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      786/postgres    

      tcp6       0      0 ::1:5432                :::*                    LISTEN      786/postgres    

      Apache is running, I highlighted in bold, that’s why SET doesn’t load.
      Try stopping Apache and see if that helps: “apache2 stop”  or “/etc/init.d/apache2 stop”

    • #47795
      cd1zz
      Participant

      Or, just configure SET to use apache in set_config:

      # USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
      # THE ATTACK VECTOR
      APACHE_SERVER=ON

    • #47796
      skorpinok
      Participant

      @cd1zz wrote:

      Or, just configure SET to use apache in set_config:

      # USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
      # THE ATTACK VECTOR
      APACHE_SERVER=ON

      Thanks now it works without any problem, did exactly as you said, however , in the mean while iam faced with another problem, metasploit wont load in SET (waited for minutes )when i use java applet attack method,any idea what could be causing this ?

      info…

      –] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
      Apache web server is currently in use for performance.

      [*] Moving payload into cloned website.
      [*] The site has been moved. SET Web Server is now listening..
      [-] Launching MSF Listener…
      [-] This may take a few to load MSF…

      Press [return] when finished.

      Thank you

    • #47797
      cd1zz
      Participant

      I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.

    • #47798
      skorpinok
      Participant

      @cd1zz wrote:

      I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.

      Well in set_config previously was default /pentest/exploits/framework3, which i later changed to cd /opt/metasploit/msf3/ after this still same problem, then i located msfconsole through terminal

      root@bt:~# locate msfconsole
      /opt/metasploit/app/msfconsole
      /opt/metasploit/apps/pro/msf3/msfconsole
      /opt/metasploit/apps/pro/msf3/test/functional/framework/msfconsole_spec.rb
      /opt/metasploit/msf3/msfconsole
      /opt/metasploit/msf3/.svn/prop-base/msfconsole.svn-base
      /opt/metasploit/msf3/.svn/text-base/msfconsole.svn-base
      /opt/metasploit/msf3/documentation/msfconsole_rc_ruby_example.rc
      /opt/metasploit/msf3/documentation/.svn/text-base/msfconsole_rc_ruby_example.rc.svn-base
      /opt/metasploit/msf3/external/source/armitage/resources/msfconsole.style
      /opt/metasploit/msf3/external/source/armitage/resources/.svn/text-base/msfconsole.style.svn-base
      /opt/metasploit/msf3/test/functional/framework/msfconsole_spec.rb
      /opt/metasploit/msf3/test/functional/framework/.svn/text-base/msfconsole_spec.rb.svn-base
      /pentest/exploits/framework2/msfconsole
      /pentest/exploits/framework2/docs/QUICKSTART.msfconsole
      /usr/local/bin/msfconsole
      /usr/share/applications/backtrack-metasploit-msfconsole.desktop

      then once again i configure in SET DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
      METASPLOIT_PATH= /pentest/exploits/framework2/msfconsole.

      still not working anymore, where could be the problem, i use Backtrack 5R2, metasploit v4.4.0-dev. any ideas ?

    • #47799
      cd1zz
      Participant

      Dont point it to the msfconsole binary, point it to the path. It should be

      /pentest/exploits/framework3

    • #47800
      skorpinok
      Participant

      @cd1zz wrote:

      Dont point it to the msfconsole binary, point it to the path. It should be

      /pentest/exploits/framework3

      ok i changed it to
      /pentest/exploits/framework3

      its same thing again msf just wont load at all..

      here is the brief info.. i go to …

        Website Attack Vectors -> Java Applet Attack Method–> Site Cloner
      Are you using NAT/Port Forwarding [yes|no]: no

      IP address for the reverse connection:192.168.56.101 (backtrack ip)

      [*] Cloning the website: http://www.gmail.com
      [*] This could take a little bit…
      [*] Injecting Java Applet attack into the newly cloned website.
      [*] Filename obfuscation complete. Payload name is: 84hPykFDDtYIJKx
      [*] Malicious java applet website prepped for deployment

      What payload do you want to generate: Windows Reverse_TCP Meterpreter

      Payload : Backdoored Executable (BEST)

      set:payloads> PORT of the listener [443] ( i press enter default)

      [*] Generating x64-based powershell injection code…
      [*] Generating x86-based powershell injection code…
      [*] Finished generating shellcode powershell injection attack and is encoded to bypass execution restriction policys…
      [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds…
      [*] Backdoor completed successfully. Payload is now hidden within a legit executable.
      [*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
      [-] Packing the executable and obfuscating PE file randomly, one moment.
      [*] Digital Signature Stealing is ON, hijacking a legit digital certificate
      [*] Generating OSX payloads through Metasploit…
      [*] Generating Linux payloads through Metasploit…
      [*] Apache appears to be running, moving files into Apache’s home

      ***************************************************
      Web Server Launched. Welcome to the SET Web Attack.
      ***************************************************

      Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
      Apache web server is currently in use for performance.

      [*] Moving payload into cloned website.
      [*] The site has been moved. SET Web Server is now listening..
      [-] Launching MSF Listener…
      [-] This may take a few to load MSF…

    • #47801
      cd1zz
      Participant

      How long are you waiting?

      Does metasploit start separately, on it’s own?

    • #47802
      hell_razor
      Participant

      It should be /pentest/exploits/framework (they dropped the 3) or
      /opt/metasploit/msf3

    • #47803
      cd1zz
      Participant

      Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.

    • #47804
      skorpinok
      Participant

      @cd1zz wrote:

      Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.

      sorry bro.. i did what mr. razor told tried each one of them  /pentest/exploits/framework & /opt/metasploit/msf3, its out of luck, its same again, updated metasploit & SET too before this. well i’ll try to reinstall Backtrack 5R2 O.S… guess this would work..

      here is the brief info regarding my set_config..

      DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
      METASPLOIT_PATH= /opt/metasploit/msf3

      METASPLOIT_DATABASE=postgresql
      HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLO
      ENCOUNT=4
      AUTO_MIGRATE=OFF
      BACKDOOR_EXECUTION=ON
      METASPLOIT_IFRAME_PORT=8080
      DSNIFF=OFF
      AUTO_DETECT=OFF
      SENDMAIL=ON
      EMAIL_PROVIDER=GMAIL
      WEBATTACK_EMAIL=ON
      APACHE_SERVER=ON
      SELF_SIGNED_APPLET=ON
      WEBATTACK_SSL=OFF
      OSX_REVERSE_PORT=8080
      AUTOMATIC_LISTENER=ON
      SET_SHELL_STAGER=OFF
      METASPLOIT_MODE=ON

    • #47805
      cd1zz
      Participant

      I would just grab a fresh copy of both and start there.

    • #47806
      skorpinok
      Participant

      @cd1zz wrote:

      I would just grab a fresh copy of both and start there.

      now i see that metasploit works on Spear-Phishing Attack Vectors,but not in java applet attack method..well said .. better if i would reinstall O.S itself…

    • #47807
      cd1zz
      Participant

      sledgehammer!

    • #47808
      hell_razor
      Participant

      Yeah, something is definitely going bonkers…you can always do an apt-get remove set –purge and then apt-get install set and set-update…you can do the same to metasploit, but it may be more cantankerous.

Viewing 17 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?