As a beginner, I had many issues with getting a No session was created
status on Metasploit. For some machines, I managed to work around it, but for others nothing would work. I could not find an answer on the forums hence decided to post this.
After much research I discovered that it might be that a firewall is enabled and blocking some connections back to Metasploit.
For example, my system was using the ufw firewall.
I did sudo ufw status
and found that it was active.
You can disable it using sudo ufw disable
Found a guide to help with enabling/disabling the firewall's on Linux:
https://www.cyberciti.biz/faq/linux-disable-firewall-command/
Hope this helps anyone dealing with the No session was created
issue!
Comments
The problem might be from your side.
A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps
Imo it's never a good idea to completely disable the firewall on your machine. Disabling ufw works because ufw blocks all incoming by default.
As long as you know the LPORT for the metasploit session, you could probably just do
Write-Ups here: https://catsandpancakes.github.io
@ricepancakes said:
99.99% of the time I'd agree, however I'd make an exception for a system I as was using as an "attack" host, either HTB or wherever.
Realistically this shouldn't be a production machine and most of the time the security controls are going to get in your way, even if it as simple as the firewall dropping ICMP Destination Unreachable messages so your recon tools get confused.
The idea was much better explained by the Hack Naked podcast and is mentioned in this post from the awesome Black Hills Information Security team: https://www.blackhillsinfosec.com/really-hacking-naked/
Note: https://www.nohello.com/
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I cant help. This isn't Twitter so my DMs are always open.
Currently have very limited HTB time but will try to respond as quickly as possible.