Devel can't start a session

Exploit :- ms09_053_ftpd_nlst
[] Started reverse TCP handler on 10.10.14.37:4444
[
] 257 “MNDDACWWDP” directory created.
[] 250 CWD command successful.
[
] Creating long directory…
[] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[
] 200 PORT command successful.
[] Trying target Windows 2000 SP3 English (IIS 5.0)…
[
] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[*] Exploit completed, but no session was created.

Any help?

You dont need this exploit :slight_smile:

The always obvious “Try Harder” comes to mind, but seriously, try another approach. This exploit isn’t the one you want.

@Stylish @SnakeMind Okay i came up without another script but it fails authentication yet again … any help?
Script :- https://blog.rootshell.be/wp-content/uploads/2009/08/IIS-FTP.nse

to get in ftp u will not need any script. Just basic thinking. More I cannot say without spoiling…

Some helpful advice for the future, Metasploit doesn’t have the solution for all the labs. Don’t panic… just look at the services that you are scanning and just have a quick google at how they work.

try to check what you are actually attacking, and google that :slight_smile:

There is no need for metasploit to get into ftp, just a google search and basic thinking.

Try harder

If you still dont understand pm me i will try help you without spoil

Okay after fiddling around i am able to get to the ftp and i planted a .aspx but when i try to run that script it opens code in the browser instead of working.

I’ve noticed a couple of threads here where you seem to ask for help too soon. The catch-call for Offensive Security is “try harder”, for very good reason. If you ask here, and you get help, what did you learn? Just that exploit, if that? This industry / hobby / whatever it is to you is about persistence. It’s not uncommon to spend -days- on a single task for a box. You will often feel like you’re trying the same thing over and over, but through your persistence you will learn.

Please, can we not develop a habit of giving out hints here and in the slack channel. It just ruins the journey for people and waters down a process that should be hard won to maximize what you learn. If you get stuck then pull apart your enumeration, work out what is running on a box, identify the weak points in your knowledge and start learning about them - then re-review. You’ll be surprised how much you learn, and more often than not the path to a solution will become clearer to you.

And with that in mind:

Try harder!

:+1: @codingo

:+1: @codingo

@codingo thanks a tons I’ll try harder :slight_smile:

@CodingKarma Thanks for the helpful hints dude, the OWASP website also contains a long comprensive list of attacks “https://www.owasp.org/index.php/Category:Attack” combined with code examples for users to test against their assets. Also think that the vuln hub writeups are useful ?

@teshy09 the write ups are defo the best way to learn new tips and tricks