Government Security
Network Security Resources

Jump to content

Photo

Meterpreter On External Network Fails

windows network payload metasploit exploit backdoor
  • Please log in to reply
3 replies to this topic

#1 Syotos

Syotos

    Private

  • Members
  • 1 posts

Posted 19 March 2012 - 07:01 AM

I did not open this thread to get 'guided', i just hope few questions answered here.
I had several friends to help me, i've created a backdoor using reverse meterpreter payload, and asked them nicelly for corporation. When corporation gained i set up the the exploit handler by the big books and i had successful connection back to me, but it never actually opens a metepreter session.
Starting the payload handler....
Sending stage (752128 bytes) to x.x.x.x
On the internal network works just fine, but on the outside it just stays on the 'sending stage'.
When i tried to run the backdoor on my virtual machine i've been prompted with the following message Meterpreter sessions 2 opened (x.x.x.x -> x.x.x.x ) at etc.....
Exploit failed: deadlock; recursive locking
Exploit completed, but no sessions was created.
So i could open my sessions the virtual machine, but i had another sessions obviously, that wasn't displayed in the sessions list.
Can i get a brief explanation of what the ... is happening?

The binary is created on backtrack using virtual machine and the exploit handler is set up on windows 7 machine.
Waiting for connection on my external ip and desired port.

Hope i was clear enough and thanks for your time. :)



#2 Glyph

Glyph

    General of the Army

  • GSO Management
  • 1,603 posts

Posted 20 March 2012 - 03:44 AM

Question 1:
Reverse meterpreter: the ip used should be your 'outside' ip: you should forward the port from your router to the msf system.
Hope this answers your question.

#3 infiltrator

infiltrator

    Staff Sergeant

  • Sergeant Major
  • 421 posts

Posted 22 April 2012 - 01:27 AM

Have to agree with Glyph there, use your external IP address, not Internal. Make sure your router has the correct ports forwarded and then give it a try again. There is also another option you could try, if it fails, place your attack's machine in a DMZ. This option is less secure, but it exposes the attacker machine to the internet, making the reverse connection happen flawlessly.

#4 hololeap

hololeap

    Private

  • Members
  • 4 posts

Posted 23 April 2012 - 09:21 PM

Also remember that some ISPs block the more popular exploitable ports like 135,139 etc. I'm not sure if this is the issue you are having since you said you are receiving a connection back, but it is something to keep in mind.





Also tagged with one or more of these keywords: windows, network, payload, metasploit, exploit, backdoor