I keep getting that "exploit completed but no session was created" Error everytime I run and exploit

Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn’t working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says “Sense Auto is not understood, try true or false.” I am trying to work with LAME, but legacy gives me the same issues. It doesn’t matter the payload or the exploit I still get that error. It’s making me sad guys. I really want this to work. I have been using this forum post [SOLVED] Exploit completed, but no sessions created. - Machines - Hack The Box :: Forums. I still am having issues

@ogoody3365 said:

Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn’t working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says “Sense Auto is not understood, try true or false.” I am trying to work with LAME, but legacy gives me the same issues. It doesn’t matter the payload or the exploit I still get that error. It’s making me sad guys. I really want this to work. I have been using this forum post [SOLVED] Exploit completed, but no sessions created. - Machines - Hack The Box :: Forums. I still am having issues

Without more information, it’s difficult to do anything except guess an answer.

Some things to consider.

  • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won’t_ work. All you will ever get is Exploit completed, but no session was created.

  • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
  • When you run the exploit, does MSF say the target is vulnerable before it says it can’t create the session? If not, that is the problem.
  • You’ve disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
  • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won’t work. Most of the exploits on Lame seem to use MSF5.

Type your comment> @TazWake said:

@ogoody3365 said:

Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn’t working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says “Sense Auto is not understood, try true or false.” I am trying to work with LAME, but legacy gives me the same issues. It doesn’t matter the payload or the exploit I still get that error. It’s making me sad guys. I really want this to work. I have been using this forum post [SOLVED] Exploit completed, but no sessions created. - Machines - Hack The Box :: Forums. I still am having issues

Without more information, it’s difficult to do anything except guess an answer.

Some things to consider.

  • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won’t_ work. All you will ever get is Exploit completed, but no session was created.

  • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
  • When you run the exploit, does MSF say the target is vulnerable before it says it can’t create the session? If not, that is the problem.
  • You’ve disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
  • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won’t work. Most of the exploits on Lame seem to use MSF5.

Thank you for your help. Can I chat with you safely? like, I don’t know how to appropriately explain this. do you have discord or something? I feel like the issue that I would like fix would be the trying to uninstall Metasploit. This is making me sad and feel kinda dumb, but I will not give up. another question is when I am changing the payload and I try to run something like…payload/cmd/unix/reverse_zsh I get unknown command.

@ogoody3365 said:

Thank you for your help. Can I chat with you safely?

Yes - you can send me a direct message on this but I might not reply for 6-7 hours now.

like, I don’t know how to appropriately explain this. do you have discord or something? I feel like the issue that I would like fix would be the trying to uninstall Metasploit.

Uninstalling metasploit is unlikely to fix this problem. Its almost certainly not the problem here.

This is making me sad and feel kinda dumb, but I will not give up. another question is when I am changing the payload and I try to run something like…payload/cmd/unix/reverse_zsh I get unknown command.

If you run random payloads, you will probably get random output.

Type your comment> @TazWake said:

@ogoody3365 said:

Every time I run an exploit no matter the attack or payload I keep getting this error. I really need help. This really isn’t working and it seems like it should. I have disabled my firewall, and I am trying sudo apt-get --auto-remove metasploit-framework and it is not working. It says “Sense Auto is not understood, try true or false.” I am trying to work with LAME, but legacy gives me the same issues. It doesn’t matter the payload or the exploit I still get that error. It’s making me sad guys. I really want this to work. I have been using this forum post [SOLVED] Exploit completed, but no sessions created. - Machines - Hack The Box :: Forums. I still am having issues

Without more information, it’s difficult to do anything except guess an answer.

Some things to consider.

  • Your attack and payload have to be valid for the target. If you are just trying a load of them, then all kinds of things might be happening. Without knowing what box you are using what attack on it could be as simple as MSF is never going to work on the attack you are trying.

For example, if you are using the vsftpd_234_backdoor exploit on Lame, it _ won’t_ work. All you will ever get is Exploit completed, but no session was created.

  • You need to make sure your choice of staged vs non-staged payload is going to work not the target.
  • When you run the exploit, does MSF say the target is vulnerable before it says it can’t create the session? If not, that is the problem. It does not What does this mean?
  • You’ve disabled the firewall but there are still other reasons why a port might not be suitable for the shell. Try some different LPORT settings and see if that changes anything.
  • If you are using an SMB exploit on an old box with a new version of MSF (such as MSF6), then there are lots of other complexities which could mean it won’t work. Most of the exploits on Lame seem to use MSF5.

So if I can’t exploit the vulnerabilities for the lame box should I just move on? I keep getting this exploit completed message, but no shells. Would it hurt to downgrade msf? if so how do I do that?

@ogoody3365 said:

So if I can’t exploit the vulnerabilities for the lame box should I just move on?

Well, you can but you don’t have to. MSF is not the only way to exploit the box.

At least one of the walk through for the box covers a non-MSF exploitation approach.

Lame Hack The Box without Metasploit | by MrNmap | Medium and https://wiki.jacobshodd.com/writeups/hack-the-box/lame

They use a python script to exploit SMB. It probably uses python2 so you might still face challenges getting it working.

Part of it depends on what you want to get out of exploiting Lame. There isn’t a lot about this box which you can re-use elsewhere.

I keep getting this exploit completed message, but no shells.

Just to check then, you are trying: exploit/multi/samba/usermap_script?

If so it might be that you need to go for either the python approach or a different box.

Would it hurt to downgrade msf? if so how do I do that?

I don’t know and it would cause loads of issues on everything else. If you really need this to work, you might be better downloading an older Kali image and installing that. Or spin up a new VM with any distro and just install old MSF - then you can dispose of it when you are done.

I just wanna get a shell or be able to exploit anything. This is really making me sad. I just really need a win. I switched to scriptkiddie and all of the payloads that are available for TCP 5000 Werkzeug they all fail with this error. when I try bind shells it looks it says secret code not found. I just want this to work.

@ogoody3365 said:

I just wanna get a shell or be able to exploit anything.

Ok, but there are a lot of other retired boxes.

With lame, you can still get a shell with the python exploit.

This is really making me sad. I just really need a win. I switched to scriptkiddie and all of the payloads that are available for TCP 5000 Werkzeug they all fail with this error.

So that’s a live box until tomorrow which makes giving blatant advice challenging.

However, the initial foothold is not an exploit on TCP5000.

when I try bind shells it looks it says secret code not found. I just want this to work.

Scriptkiddie’s initial foothold requires a bit of googling to find, it is easy to do, it just isn’t easy to know.

I get that it is really frustrating for you right now, but a better plan might be to step away from trying to use MSF as an autopwn and find a different retired box. Work through the walkthrough and keep good notes. Then, after you’ve done a few, you will find it all a bit easier.

I had the same problem with metasploit in Legacy and Lame.
It turns out I had to change my LHOST to tun0.
To find out what is your IP address of tun0 type “ifconfig” and look at the address next to “inet” in the terminal.

1 Like

Changing it to tun0 IP and I’m able to get a reverse connection back !

The error message “exploit completed but no session was created” is a common issue when running an exploit in penetration testing or ethical hacking. This error message indicates that the exploit ran successfully, but it was not able to create a session with the targeted system.

There are a few possible reasons for this error message, including:

Firewall or antivirus blocking the connection: The firewall or antivirus software on the targeted system may be blocking the connection that the exploit is trying to create. Check if the ports and protocols required for the exploit are blocked by the firewall or antivirus software.

Incorrect configuration of the exploit: The exploit may not be configured correctly. Ensure that you have set the correct IP addresses, ports, and other parameters required for the exploit to work.

Patched system: The targeted system may have been patched against the vulnerability exploited by the exploit. Check if the targeted system is running the latest security patches and updates.

Exploit is not compatible with the targeted system: The exploit may not be compatible with the targeted system. Ensure that you have selected the correct exploit for the targeted system and its operating system version.

Network issues: There may be network issues, such as a slow or unstable connection, that are preventing the exploit from creating a session. Ensure that you have a stable network connection.

Regards,
Rachel Gomez