can't get "meterpreter" in script_mvel_rce (elastic search) exploit


ahm3...@gmail.com

Mar 11, 2017, 4:42:01 AM
to null
I'm running Metasploitable3 on VirtualBox, Kali Linux on VMware, and the host OS is Windows 7.

Host System

OS: Windows 7
Packer Version: 0.12.3
Vagrant Version: 1.9.2
VirtualBox Version: 5.1.14

Although the "script_mvel_rce" module says "The target is vulnerable" after executing the "check" command, it gave me "[*] Exploit completed, but no session was created." after executing "run" or "exploit".

msf exploit(script_mvel_rce) > check
[+] 172.28.128.3:9200 The target is vulnerable.
msf exploit(script_mvel_rce) > run

[*] Started bind handler
[*] Trying to execute arbitrary Java...
[*] Discovering remote OS...
[+] Remote OS is 'Windows Server 2008 R2'
[*] Discovering TEMP path
[+] TEMP path identified: 'C:\Windows\TEMP\'
[!] This exploit may require manual cleanup of 'C:\Windows\TEMP\Oef.jar' on the target
[*] Exploit completed, but no session was created.

The target machine runs "Elasticsearch REST API 1.1.1" on port 9200:

msf exploit(script_mvel_rce) > services

Services
========

host          port  proto  name  state  info
----          ----  -----  ----  -----  ----
...
172.28.128.3  9200  tcp    http  open   Elasticsearch REST API 1.1.1 name: Jessica Jones; Lucene 4.7
...

I tried to:
[1] reboot both kali & metasploitable3 machines

[2] switch the firewall off from both kali & metasploitable3

And yes, I set the RHOST, RPORT, LHOST, LPORT and payload, but the module still gives me the same result:

"[*] Exploit completed, but no session was created."

Also, I saw this thread https://groups.google.com/forum/#!topic/null-co-in/CbGrGG9wNNk and no solution was there, so could anyone help me with that?

webDEViL

Mar 11, 2017, 4:49:51 AM
to null-...@googlegroups.com
You should do some debugging rather than just rely on Metasploit's output.
  1. See if the Oef.jar is present in the Windows temp folder.
  2. Manually place a msfvenom-generated jar to see if it gets detected by the AV (Defender) etc.

