Devel can't start a session

HTB Content Machines
,
1

Exploit :- ms09_053_ftpd_nlst
[] Started reverse TCP handler on 10.10.14.37:4444
[] 257 “MNDDACWWDP” directory created.
[] 250 CWD command successful.
[] Creating long directory…
[] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[] 200 PORT command successful.
[] Trying target Windows 2000 SP3 English (IIS 5.0)…
[] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[*] Exploit completed, but no session was created.

Any help?

2

You dont need this exploit :slight_smile:

3

The always obvious “Try Harder” comes to mind, but seriously, try another approach. This exploit isn’t the one you want.

4

@Stylish @SnakeMind Okay i came up without another script but it fails authentication yet again … any help?
Script :- https://blog.rootshell.be/wp-content/uploads/2009/08/IIS-FTP.nse

5

to get in ftp u will not need any script. Just basic thinking. More I cannot say without spoiling…

6

Some helpful advice for the future, Metasploit doesn’t have the solution for all the labs. Don’t panic… just look at the services that you are scanning and just have a quick google at how they work.

7

try to check what you are actually attacking, and google that :slight_smile:

8

There is no need for metasploit to get into ftp, just a google search and basic thinking.

9

Try harder

10

If you still dont understand pm me i will try help you without spoil

11

Okay after fiddling around i am able to get to the ftp and i planted a .aspx but when i try to run that script it opens code in the browser instead of working.

12

I’ve noticed a couple of threads here where you seem to ask for help too soon. The catch-call for Offensive Security is “try harder”, for very good reason. If you ask here, and you get help, what did you learn? Just that exploit, if that? This industry / hobby / whatever it is to you is about persistence. It’s not uncommon to spend -days- on a single task for a box. You will often feel like you’re trying the same thing over and over, but through your persistence you will learn.

Please, can we not develop a habit of giving out hints here and in the slack channel. It just ruins the journey for people and waters down a process that should be hard won to maximize what you learn. If you get stuck then pull apart your enumeration, work out what is running on a box, identify the weak points in your knowledge and start learning about them - then re-review. You’ll be surprised how much you learn, and more often than not the path to a solution will become clearer to you.

And with that in mind:

Try harder!

13

:+1: @codingo

14

:+1: @codingo

15

@codingo thanks a tons I’ll try harder :slight_smile:

16

@CodingKarma Thanks for the helpful hints dude, the OWASP website also contains a long comprensive list of attacks “Attacks | OWASP Foundation” combined with code examples for users to test against their assets. Also think that the vuln hub writeups are useful ?

17

@teshy09 the write ups are defo the best way to learn new tips and tricks