1

I tried the exploit with meterpreter reverse tcp on both SP1/SP3 machines and both returned a statement of exploit completed but no session was created. Both machines have firewall off. I want to have my first meterpreter session opened to experiment with this. BTW, these are virtual machines.

XP SP3 RESULT: 

Started reverse TCP handler on [LHOST]:4444
Automatically detecting your target 
Fingerprint: Windows XP SP3 English (AlwaysOn NX)
Selected Target: Windows XP SP3 English (AlwaysOn NX)
Attempting to trigger the vulnerability 
Exploit completed, but no session was created
schroeder
  • 123,438
  • 55
  • 284
  • 319
silentcallz
  • 11
  • 1
  • 1
  • 5

2 Answers2

2

There are many reasons for this exploit to fail, in short:

  • The target is patched.
  • 'Not supported language' error from the target.
  • The payload can't execute correctly.
  • Networking errors 'reverse connection through NAT'.

From experience with the same issue, I recommend to do the following:

  • Try not to use VMs.
  • Try another payloads, away from reverse connections.
  • Try other versions of Windows XP.
  • Change system languages 'sometime it works!'

After all, since it says Exploit completed, but no session was created that means something is preventing the reverse connection, mostly the system is patched.

Eibo
  • 2,485
  • 3
  • 19
  • 32
0

This is old but I had an actual need to get the admin password from my lab xp in order to update a guitar pedal (wouldn't update on windows 10 so I needed xp). It's been a few years since I worked on this XP/exploit but the reverse tcp used to work. I am using an updated version of Kali now and the reverse doesn't work. I used the following to get it to work correctly

set payload windows/meterpreter/bind_tcp

schroeder
  • 123,438
  • 55
  • 284
  • 319
LazySpr0cket
  • 1