As a beginner, I had many issues with getting a No session was created
status on Metasploit. For some machines, I managed to work around it, but for others nothing would work. I could not find an answer on the forums hence decided to post this.
After much research I discovered that it might be that a firewall is enabled and blocking some connections back to Metasploit.
For example, my system was using the ufw firewall.
I did sudo ufw status
and found that it was active.
You can disable it using sudo ufw disable
Found a guide to help with enabling/disabling the firewall’s on Linux:
https://www.cyberciti.biz/faq/linux-disable-firewall-command/
Hope this helps anyone dealing with the No session was created
issue!
The vulnerable machines are always built with misconfigured firewall only, so you can get any type of shell as you want.
The problem might be from your side.
Imo it’s never a good idea to completely disable the firewall on your machine. Disabling ufw works because ufw blocks all incoming by default.
As long as you know the LPORT for the metasploit session, you could probably just do
sudo ufw allow from [RHOST IP] to [LHOST IP] port [LPORT]
@ricepancakes said:
Imo it’s never a good idea to completely disable the firewall on your machine.
99.99% of the time I’d agree, however I’d make an exception for a system I as was using as an “attack” host, either HTB or wherever.
Realistically this shouldn’t be a production machine and most of the time the security controls are going to get in your way, even if it as simple as the firewall dropping ICMP Destination Unreachable messages so your recon tools get confused.
The idea was much better explained by the Hack Naked podcast and is mentioned in this post from the awesome Black Hills Information Security team: Are You Really Hacking Naked? - Black Hills Information Security