.

Metasploit.

<<

H4TT1fn4TT

User avatar

Jr. Member
Jr. Member

Posts: 54

Joined: Tue Feb 08, 2011 2:48 pm

Location: Void

Post Wed Apr 27, 2011 2:25 pm

Metasploit.

I need some help here. I am trying to use one of the exploits that comes with Metasploit to see if I can re-create an event that happened.

I am running Backtrack4 R2 in Oracle VM and have osCommerce set up on my main machine using the WAMP package.

The version of osCommerce is osCommerce 2.2-MS2.

No matter what I try I can not seem to be able to exploit my machine. As a payload I am using generic/shell_reverse_tcp.

This is the Metasploit page on the exploit: http://www.metasploit.com/modules/explo ... ilemanager.

I have set all the options and tried both IP addresses as VHOST as I thought that might be the problem but it was not.

The Virtual Box is set to bridged networking.

Any help on this one would be welcome.
"The quality of programmers is a decreasing function of the density of go to statements in the programs they produce."
<<

millwalll

Post Wed Apr 27, 2011 2:37 pm

Re: Metasploit.

Do you get any errors? The only thing I can think of is as your using bridged networking it would have the same IP address maybe it does not like it.

as your RHOSt and VHOST would be the same but I am not expert on Metasploit
<<

H4TT1fn4TT

User avatar

Jr. Member
Jr. Member

Posts: 54

Joined: Tue Feb 08, 2011 2:48 pm

Location: Void

Post Wed Apr 27, 2011 2:40 pm

Re: Metasploit.

I was thinking that. Thought I would try it using a free hosting account but try finding one these day's with register_globals and register_array_long both enabled in php.ini...
"The quality of programmers is a decreasing function of the density of go to statements in the programs they produce."
<<

AndyB67

User avatar

Full Member
Full Member

Posts: 100

Joined: Fri Jan 14, 2011 7:13 am

Location: UK

Post Wed Apr 27, 2011 4:16 pm

Re: Metasploit.

I had a similar problem with another app and ended up sticking a 2nd network card in and buying VM Workstation so I could tie the VM's down to a specific card
Net+ Sec+ More to come
<<

lorddicranius

User avatar

Sr. Member
Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Wed Apr 27, 2011 4:33 pm

Re: Metasploit.

Are you able to pass traffic between the two machines prior to attempting to exploit it?  If you are, that'll tell you that it's not an interface/routing issue, but something with the exploit itself.
GSEC, eCPPT, Sec+
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Apr 28, 2011 10:03 am

Re: Metasploit.

Have you tried using a sniffer? Analyzing traffic always helped me find the solution...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

Return to Other

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software