Exploit Completed, but no session was created

  • I'm using Metasploit to exploit ms08-067_netapi targeting windows xp sp3. I'm going along with the book Penetration Testing-A Hands-on Introduction to Hacking.

    This is how I'm doing it.

    use windows/smb/ms08_067_netapi
    set RHOST <ip for windows xp>

    I get the message

    Exploit Completed, but no session was created

    with many payloads that I tried.

    I've checked for everything that internet told me could cause this problem like network connection between attacker and target, changing the payload, checking the firewall (disabled) but I get the message every time.

    Can someone tell me what this message is and how to overcome it? What am I doing wrong?

    Silly question, but Is the target patched against the exploit?

    I checked for it using systeminfo command and I found that it's not patched. is there any other way I can make sure of it?

    Keep in mind that many exploits may be covered in more than one patch, including cumulative ones.

    Luckily in my case there's only one patch.

    your windows xp is 64bit but ms08_067_netapi is for windows xp 32bit

    Check the settings for msfconsole with `options`. I sometimes find that target IPs get changed or default to something different than that of the target. For example if the target is connected via `tun0` msf might default to `eth0`. If not maybe post the output of `options` so we can take a look

  • The message tells you that probably your exploit has failed. Many exploits are not 100% reliable or your target is patched so this can happen. Not always a message will tell you that your exploit has failed instead you will see this message. But it is also possible that you have configured your payload handler wrong and so the payload code can't connect back.

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM

Tags used