Exploit completed, but no session was created

I have tried 4 different retired HTB challenges and have been trying to familiarise myself with all of the processes and tools and have come so close to completing them, but with 3 of them I get an error message after running 'metasploit'.

The reverse TCP loads, each time, the script runs, but then I get to the end and get the dreaded line:

'Exploit completed, but no session was created'

I have trawled Google and all I can see is maybe you're not connecting to the right port, but when I ping the port I get a positive result. I am sure I am missing something tiny. Can anyone offer any help please.

Thanks

Tagged:

Comments

  • There's a few basic things that it could be;
    Make sure that your LHOST/SRVHOST is set to your vpn's local address, or tun0:
    If this isn't set, most modules will use your default interface's(usually eth0 or wlan0) local ip as the value.
    You can get the IP with the 'ifconfig' command, if you're using a kali virtual machine then and are connected to the HTB vpn then when you run the command you should see 'lo', 'eth0', and 'tun0'. You want to use the inet value under tun0. Usually 10.10.. on HTB. Most modules support supplying just 'tun0' or whatever your vpn's interface is labeled as.

    Another thing could be your firewall. Check and see if UFW or whatever your firewall of choice is running, either stop it with 'systemctl stop insert_firewall_here' or set a rule that allows inbound connections on the port you're trying to get a session on.

    One other thing, some exploits have a tendency to mess up boxes, it's entirely possible that whatever box you're trying to get access to is foobar; So try resetting it.

    Hopefully this helps :)

  • which boxes or chall ?

    peek

  • @Laine thanks very much I will try those as soon as I can and let you know

  • @peek Blue and Lame both have the same issues
  • yeah very unstable machines, run many times your exploit, and reset.

    peek

  • Hey @albinomonkey,
    Sounds like you are mixing up using staged and stageless payloads and listeners maybe.

    Read this. 😉👍
    https://blog.rapid7.com/2015/03/25/stageless-meterpreter-payloads/
  • edited January 6

    wrong post lol sorry

  • Type your comment> @Laine said:

    There's a few basic things that it could be;
    Make sure that your LHOST/SRVHOST is set to your vpn's local address, or tun0:
    If this isn't set, most modules will use your default interface's(usually eth0 or wlan0) local ip as the value.
    You can get the IP with the 'ifconfig' command, if you're using a kali virtual machine then and are connected to the HTB vpn then when you run the command you should see 'lo', 'eth0', and 'tun0'. You want to use the inet value under tun0. Usually 10.10.. on HTB. Most modules support supplying just 'tun0' or whatever your vpn's interface is labeled as.

    Another thing could be your firewall. Check and see if UFW or whatever your firewall of choice is running, either stop it with 'systemctl stop insert_firewall_here' or set a rule that allows inbound connections on the port you're trying to get a session on.

    One other thing, some exploits have a tendency to mess up boxes, it's entirely possible that whatever box you're trying to get access to is foobar; So try resetting it.

    Hopefully this helps :)

  • Thank you very much ... it's working :)

Sign In to comment.