.

Metasploit : Exploit exception: The connection timed out

<<

royale1223

Newbie
Newbie

Posts: 4

Joined: Thu Aug 11, 2011 1:00 pm

Post Fri Aug 12, 2011 4:12 am

Metasploit : Exploit exception: The connection timed out

I have detected a Windows 2000 5.0 server on my network with the following vulnerabilities:

Image


But the problem is when I try to exploit with Metasploit, I get the following error:

Image


I am using the following options:

Module: windows/smb/ms08_067_netapi
===================================

 Name                             Value
 ----                             -----
 AutoLoadStdapi                   true
 AutoRunScript                    
 AutoSystemInfo                   true
 ConnectTimeout                   10
 DCERPC::ReadTimeout              10
 DCERPC::fake_bind_multi          true
 DCERPC::fake_bind_multi_append   0
 DCERPC::fake_bind_multi_prepend  0
 DCERPC::max_frag_size            4096
 DCERPC::smb_pipeio               rw
 DisablePayloadHandler            false
 EXITFUNC                         thread
 EnableContextEncoding            false
 EnableUnicodeEncoding            true
 InitialAutoRunScript            
 LPORT                            4444
 NTLM::SendLM                     true
 NTLM::SendNTLM                   true
 NTLM::SendSPN                    true
 NTLM::UseLMKey                   false
 NTLM::UseNTLM2_session           true
 NTLM::UseNTLMv2                  true
 PAYLOAD                          windows/meterpreter/bind_tcp
 RHOST                            
 RPORT                            445
 SMB::ChunkSize                   500
 SMB::Native_LM                   Windows 2000 5.0
 SMB::Native_OS                   Windows 2000 2195
 SMB::VerifySignature             false
 SMB::obscure_trans_pipe_level    0
 SMB::pad_data_level              0
 SMB::pad_file_level              0
 SMB::pipe_evasion                false
 SMB::pipe_read_max_size          1024
 SMB::pipe_read_min_size          1
 SMB::pipe_write_max_size         1024
 SMB::pipe_write_min_size         1
 SMBDirect                        true
 SMBDomain                        .
 SMBName                          *SMBSERVER
 SMBPIPE                          BROWSER
 SMBPass                          
 SMBUser                          
 SSL                              false
 SSLVersion                       SSL3
 TARGET                           0
 TCP::max_send_size               0
 TCP::send_delay                  0
 VERBOSE                          false
 WfsDelay                         0


What am I doing wrong here? I tried all the available vulnerabilities but never managed to get a session.
Last edited by royale1223 on Fri Aug 12, 2011 9:27 am, edited 1 time in total.
<<

hell_razor

User avatar

Jr. Member
Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Fri Aug 12, 2011 8:41 am

Re: Metasploit : Exploit exception: The connection timed out

I hope that box is tight and protected since you left the RHOST displayed in the options :).  You might want to try to edit that out...
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

royale1223

Newbie
Newbie

Posts: 4

Joined: Thu Aug 11, 2011 1:00 pm

Post Fri Aug 12, 2011 9:26 am

Re: Metasploit : Exploit exception: The connection timed out

I just found out that it was a hoeypot. Edited
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 12, 2011 9:31 am

Re: Metasploit : Exploit exception: The connection timed out

Good.  Honeypot or not, never good to post ip's to your network range on an open forum, particularly those where malicious hackers (yes, there ARE unethical ones who browse us) might spot it without having to authenticate to see your posts. :-(

Nice to see you're working on your security skills, though.  Keep it up!
Last edited by hayabusa on Fri Aug 12, 2011 9:55 pm, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Aug 12, 2011 9:27 pm

Re: Metasploit : Exploit exception: The connection timed out

My question would be, why were you trying to exploit a box that you did not originally know was a honeypot...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 12, 2011 9:42 pm

Re: Metasploit : Exploit exception: The connection timed out

Can't answer for them, except to say that in MANY organizations' security teams, the left hand doesn't know what the right hand is doing...  That is giving benefit of the doubt, anyway...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hell_razor

User avatar

Jr. Member
Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Mon Aug 15, 2011 9:03 am

Re: Metasploit : Exploit exception: The connection timed out

It might also be something a senior or supervisor put in place to test the abilities of the security team to find and identify the machine.  It is a great tool to measure performance for review or progression/promotion time.
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software