Wednesday, February 26, 2014

Metasploit MS08-067 getting stuck at "Attempting to trigger the vulnerability..."

According to Rapid7, MS08-067 "tends to give the most reliable shells on Windows 2003 Server and Windows XP". This is the bread and butter Metasploit module - if you have any experience with Metasploit at all, you've probably used it before.

However, it sometimes causes trouble. Two failure modes come up again and again.



1) Metasploit displays:
[*] Attempting to trigger the vulnerability...
and then returns a prompt. A normal Metasploit prompt, not a Meterpreter prompt like you wanted.


If you don't specify a payload with MS08-067, it defaults to "windows/meterpreter/reverse_tcp", a Windows Meterpreter that calls back to your machine on LHOST:LPORT. When Metasploit says it is triggering the vulnerability, it is doing just that: the exploit fires and the stager starts running on the target. The stager then tries to connect back to you, never gets through, and Metasploit gives up waiting for a session and returns you to the prompt.

The next step is to verify connectivity, so you ping the remote computer. And it works. So why can't it connect back to you?

The most likely reason is that you are behind a NAT. For example, it is very common to run Kali inside a virtual machine using software such as VirtualBox, and VirtualBox configures guest networking as NAT by default (the guest ends up with an address in 10.0.2.0/24 that nothing outside the host can route to). Go into your virtual machine settings and change the networking to bridged mode, so that Kali gets a "real" IP on the network, then set LHOST to that address.

If you aren't running Kali in a VM, hopefully this gives you a clue about the connectivity issue. Kali ships with no iptables (Linux firewall) rules by default, so the problem more likely lies in the devices between you and the target, or in a firewall on the target itself.

In short, being able to open a connection to a machine does not mean that machine can open a connection back to you. Many switches, routers, and firewalls are stateful: they let traffic belonging to an already established TCP connection pass in both directions, but block new connections initiated from one side.

One other thing to try if you are still having problems is to use a "bind" Meterpreter payload instead of the reverse one. With a bind payload the target opens a listening port and you connect to it, so no callback to your machine is needed.

set payload windows/meterpreter/bind_tcp

This payload isn't the default because, in general, it has a lower chance of working: most firewalls restrict incoming connections to a host while allowing outgoing ones, so a target that can't reach you is often also unreachable on a new listening port.



2) Metasploit displays:
Exploit failed [unreachable]: Rex::ConnectionRefused The connection was refused by the remote host (###.###.###.###:445).


"Port 445 was open a minute ago, and now it isn't. What the hell?"

The MS08-067 exploit has a tendency to "knock over" the target: a failed attempt crashes the vulnerable Server service rather than leaving it intact. For example, if you run Kali in a VM and forget to enable bridged networking (see #1 above), the target will be unable to call back to you, and on top of that it will now refuse all connections on port 445 until the system is restarted. Either find a way to restart the box, play the waiting game, or move on to a different target. This is why it pays to get LHOST right before the first attempt.
