Question

[one.miguel at gmail.com (one.miguel at gmail.com)]

What's happening is that you're machine is waiting for connections to
port 8080.  Your victim machine would need to open a connection to
http://127.0.0.1:8080 in order to get exploited.  I suggest reading
through the metasploit manuals and reading the exploit writeups:

msf > info winamp_playlist_unc



On 2/24/07, Pierrick Plamondon <plamon at damas.ift.ulaval.ca> wrote:
>  OK maybe it is way I get this message... But, also I tried to install
> winamp 5.12 from there
> http://www.filehippo.com/download_winamp/?613
>
>  Then you can see what I did here :
>
>  msf winamp_playlist_unc(win32_exec) > show options
>
>  Exploit and Payload Options
>  ===========================
>
>    Exploit:    Name        Default      Description
>    --------    --------    ---------
> -------------------------------------------
>    optional    REALHOST    127.0.0.1    External address to use for
> redirects (NAT)
>    optional    HTTPHOST    127.0.0.1    The local HTTP listener host
>    required    HTTPPORT    8080         The local HTTP listener port
>
>    Payload:    Name        Default    Description
>    --------    --------    -------
> ------------------------------------------
>    required    EXITFUNC    process    Exit technique: "process", "thread",
> "seh"
>    required    CMD         dir        The command string to execute
>
>    Target: Winamp 5.12 Universal
>
>  msf winamp_playlist_unc(win32_exec) > exploit
>  [*] Waiting for connections to http://127.0.0.1:8080/
>
>
>
>  Then, nothing happens. Is it normal? I would expect a little message saying
> the exploit worked and what it did, I don't know.
>
>  I was told by a professor to prepare some simple examples of exploits for
> his students to try...
>
>  Thanks!
>
>  Pierrick
>
>
>
>  Simple Nomad wrote:
>  Are you actually running an IMAP server on your system?
>
> On Sat, 2007-02-24 at 18:52 -0500, Pierrick Plamondon wrote:
>
>
>  My windows firewall is turned off. I don't have any anti virus. The IP
> I put in the RHOST setting is mine. My windows version is XP SP2
> English. I really don't see what's wrong.
>
> Pierrick
>
>
> H D Moore wrote:
>
>
>  The error is a generic response when the exploit could not connect to the
> host specified by the RHOST setting. Make sure that the RHOST system does
> not have a firewall (or at least allows RPORT) through.
>
> -JD
>
> On Saturday 24 February 2007 14:00, Pierrick Plamondon wrote:
>
>
>
>  use mdaemon_imap_cram_md5
>  set RHOST MY_IP_ADDRESS // I put my IP address here
>  set TARGET 0
>  set PAYLOAD win32_exec
>  set CMD dir // here I don't really what to write.
>  exploit // then I get the error message Error creating socket:
> Connection failed: Operation now in progress message