Exploit Failed. Now What?
Key Takeaways
The video 'Exploit Failed. Now What?' by The Cyber Mentor covers troubleshooting steps for failed exploits, including verifying IP addresses, checking connectivity, and disabling security mechanisms, with tools like Keeper Security and GitHub.
Full Transcript
We all get into situations where our exploits fail, and today we're going to run through a checklist of things that you can do to make sure that your attack is successful. I often find myself in a similar situation, even on live stream, where I've made a small mistake, or sometimes I'm just simply tumbling head first down a rabbit hole. But the first thing to do in this situation is to work methodically through our troubleshooting list, which I'm going to share with you today, and of course you can use this as a starting point for your own and expand it over time. I've split this video into three sections: the first is troubleshooting reverse shells, the second is getting public exploits to work, like those found on Exploit-DB, and finally we'll take a look at troubleshooting web attacks. As always, if you enjoyed the video then don't forget to like and subscribe, and let's dive in.

Keeper Security is a vendor that we've used for password and secrets management at TCM for quite some time. What's awesome is they also do privileged access management, and it's way more affordable than some of the big-name vendors, which, if you know us, you know that we're all about affordability. It was an easy yes for us when the partnership conversation happened. And unlike legacy PAM solutions, Keeper is fast and easy to deploy, agentless and clientless, and has no implementation fees. Plus, Keeper is FedRAMP authorized. So if you're looking for a new solution to protect your organization, check out keeper.io/TCM and schedule a quick demo with their awesome team.

So let's take a look at the dreaded failed reverse shell, and we'll talk through some checks that we can do. To start with, we need to look at the basics, and these are essentially sanity checks: verifying the IP address used in our attack; checking the connectivity with ping, or rescanning a service to make sure that it's alive and that we haven't accidentally crashed it; checking that traffic can actually flow over the port that we're using; and checking for firewall rules, or making changes to our attack, for example changing to different ports, to indirectly test these rules. After that, we need to look into our listener setup: is the listener actually running? Once again, do the ports match up? I often make changes to my payloads and then forget to update my listener. And if we're still experiencing no callback and we've checked all of these things so far, then we can start thinking about the payload itself. So some of the things to consider here: is the payload configured with the right values, and are you using the correct syntax to run it? Is the payload compatible with the target system's architecture and operating system? Do we need to obfuscate the payload? And if all else fails, we could look at alternative shells, so we might try a bind shell instead of a reverse shell, maybe using a web shell to gain an initial foothold and then spawn a full TTY shell from there. It's also worth noting that if you're doing a CTF or boot-to-root machine, then resetting the box is often a good idea.

When our exploit fails, or more likely the exploit that we found somewhere on the internet fails, there are a few things that we need to check. So first up, we should think about validating our exploits. Does the exploit match the version of the application or service that we're targeting? Are there any comments or information in the code that might tell us how to use the exploit specifically? Does the file contain quirks like a mixture of tabs and spaces that are causing errors upon execution? This is particularly common with exploits written in Python. Does the exploit need to be compiled in a particular way? Generally, asking these sorts of questions and checking that these things are in place is going to help us hone in on the problem and allow us to make some kind of progress. After we've asked these questions and checked that everything is as it should be, we can continue to look at the target configuration. Now of course this depends on what your target is and the level of access that you might already have. So for example, you might be doing a privesc technique and therefore have some level of access already to check the target configuration, but otherwise you might be attacking from the outside and unable to do this. So the configuration of the target or service we're attacking might need to be checked, as our exploit might require certain conditions. It's worth checking for extra information or blog posts on the exploit that you're using to uncover this kind of information if it's not readily available. Next up we have checking for security mechanisms that might need disabling or bypassing before our exploit will work. And finally, if we've done multiple attempts, make sure that the target service is still running; you might have popped it on a previous attempt, so the box or service would need restarting. After this, we could consider if there are alternative exploits available. I tend to use Google to find more stable exploits than the original, which might just be a PoC, and they're often available on GitHub. Otherwise, reading the exploit, understanding the steps and replicating them manually can also be a good option. Many exploits will require modification; for example, they might have hard-coded paths that need updating, or some custom shellcode that fits the target and has all the right information about where to send a shell back to. Lastly, any dependencies need to be checked. I previously had some issues getting PrintNightmare working for a while because my dependencies were not the correct version. And if we're really stuck, we may want to set up a local test environment to ensure that our exploit is working as expected against a known target where we can actually control the configuration, and then we can continue troubleshooting after that.

Finally, we have an exploit failing against a web application, and the assumption here is that you've found an endpoint that's probably vulnerable, or at least showing symptoms of being vulnerable to something like SQL injection, or maybe you've found template injection, but you can't get it working in a way that you want to fully demonstrate the impact. So first up, we need to think about the information that we have and the behavior of the application. Are there error messages giving us some information? Are there delays in the response, or information in the body of the response that shouldn't be there? Thinking about what we have in front of us and why it might be there is a really good place to start. Next, we can consider our payload and how we might modify it. For example, we might try a variation of our payload or a different one entirely; we might try encoding our payloads, or even just simplifying them. If we think that we need to bypass something like a WAF, then maybe nesting or combining attacks, or using things like parameter pollution to get a successful delivery, could also be key. And if we haven't already, we should also consider the tech stack of the target. So going back to our template injection scenario, we might send a number of different payloads to identify what templating engine is being used first, or we might try some different SQL injection attacks to identify the backend database. Sometimes this can be really important, and the more information you have at your disposal, the more likely you're going to be able to pull off a successful attack. And finally, if you haven't already, then we can start fuzzing the target and making sure that we haven't missed a payload that brings us success.

So before we wrap up, here are some bonus tips that should help you out when you're stuck, and I'm just going to list them out and hope that you find them useful. So first up, take regular breaks. I've talked a lot about this in the past, but every breakthrough that I've ever had was due to taking a break, making a cup of tea, or just getting up from my desk for a minute or two. Second, which is kind of the same as taking a break, but move on from what you're doing and come back to it later: work on something else or some other part of the application and cycle back to it later on. This is particularly useful during practical exams and can help you avoid wasting time falling into rabbit holes. Third, always read error messages. The number of pings I get with screenshots where the answer to the issue is clearly stated in the error message is quite frankly astounding. And fourth, use Google and ChatGPT. Obviously don't leak sensitive information, but if it's a generic error message, drop it into Google, and if you think you have an issue with some code that you don't quite understand, let ChatGPT try and spot it or explain the code to you. I often use ChatGPT to troubleshoot my code and it saves me a lot of time. Now if you have other tips that you want to share, then of course let us know down in the comments below, and if you didn't already, don't forget to like and subscribe, and I will catch you next time.
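Added example, not code from the video or from TCM Security: a small Python pre-flight script that automates the sanity checks from the reverse-shell and public-exploit sections above. It confirms that the payload's callback address and port line up with the listener and with the attacking machine's own addresses, parses `ss -ltn` output to confirm something is actually LISTENing on that port, and scans an exploit file for the mixed tabs and spaces that break Python exploits on launch. The addresses, ports, `ss` output and exploit snippet are constructed for the demonstration; `service_alive` performs a real TCP connect and is meant to be pointed at a lab host you control.

```python
"""Pre-flight checks for a reverse shell that never calls back or a public
exploit that errors on launch. Added illustration; every value below is
constructed sample data, not output from a real engagement."""
from __future__ import annotations

import ipaddress
import socket

# Constructed `ss -ltn` output from the attacking box (listener on 4444).
SS_LTN_SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      1      0.0.0.0:4444        0.0.0.0:*
LISTEN 0      128    127.0.0.1:631       0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
"""

# Constructed exploit snippet: line 3 mixes a tab with spaces, line 4 uses a tab.
EXPLOIT_SAMPLE = (
    "def trigger(target):\n"
    "    if target:\n"
    "\t    return target.upper()\n"
    "\treturn None\n"
)


def listening_ports(ss_output: str) -> set[int]:
    """Parse `ss -ltn` text into the set of TCP ports in LISTEN state."""
    ports: set[int] = set()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # "0.0.0.0:4444" or "[::]:22": the port is whatever follows the last colon.
        _, _, port = fields[3].rpartition(":")
        if port.isdigit():
            ports.add(int(port))
    return ports


def callback_problems(lhost: str, lport: int, listener_host: str,
                      listener_port: int, local_addrs: list[str],
                      ss_output: str) -> list[str]:
    """Cross-check payload callback settings against the listener and this host."""
    try:
        ipaddress.ip_address(lhost)
    except ValueError:
        return [f"LHOST {lhost!r} is not a valid IP address"]
    problems = []
    if lhost not in local_addrs:
        problems.append(f"LHOST {lhost} is not bound on this box (typo, or wrong VPN/interface address?)")
    if not 1 <= lport <= 65535:
        problems.append(f"LPORT {lport} is out of range")
    if lport != listener_port:
        problems.append(f"payload sends to port {lport} but the listener waits on {listener_port}")
    if listener_host not in ("0.0.0.0", "::", lhost):
        problems.append(f"listener binds {listener_host}, so a callback to {lhost} will not reach it")
    if listener_port not in listening_ports(ss_output):
        problems.append(f"nothing is LISTENing on port {listener_port}: is the listener actually running?")
    return problems


def indentation_report(source: str) -> dict:
    """Find lines whose leading whitespace mixes tabs and spaces, and flag a
    file that uses both styles (both break Python 3 with TabError/IndentationError)."""
    tabs, spaces, mixed = [], [], []
    for no, line in enumerate(source.splitlines(), 1):
        lead = line[: len(line) - len(line.lstrip(" \t"))]
        if not lead:
            continue
        if "\t" in lead and " " in lead:
            mixed.append(no)
        elif "\t" in lead:
            tabs.append(no)
        else:
            spaces.append(no)
    return {"mixed": mixed, "tabs": tabs, "spaces": spaces,
            "inconsistent": bool(mixed) or (bool(tabs) and bool(spaces))}


def service_alive(host: str, port: int, timeout: float = 2.0) -> bool:
    """TCP connect check: confirm the target service survived the last attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    local = ["10.10.14.5", "192.168.1.20", "127.0.0.1"]  # constructed interface list
    for p in callback_problems("10.10.14.5", 4445, "0.0.0.0", 4444, local, SS_LTN_SAMPLE):
        print("callback:", p)
    print("indentation:", indentation_report(EXPLOIT_SAMPLE))
```

In practice you would feed `callback_problems` the real output of `ss -ltn` and of `ip -4 addr` rather than the constructed strings, and run `indentation_report` over the downloaded exploit before the first attempt rather than after the third.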
Original Description
https://www.tcm.rocks/KeeperDemo Keeper Security's next-gen privileged access management solution delivers enterprise-grade password, secrets and privileged connection management in one unified platform. Request a demo on how you can protect your organization against cyber threats with zero-trust Enterprise Password Management (EPM). https://www.tcm.rocks/KeeperDemo
Sponsor a Video: https://www.tcm.rocks/Sponsors
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com
📱Social Media📱
___________________________________________
X: https://x.com/TCMSecurity
Twitch: https://www.twitch.tv/thecybermentor
Instagram: https://www.instagram.com/tcmsecurity/
LinkedIn: https://www.linkedin.com/company/tcm-security-inc/
TikTok: https://www.tiktok.com/@tcmsecurity
Discord: https://discord.gg/tcm
Facebook: https://www.facebook.com/tcmsecure
00:00 Intro
00:52 Sponsor message
01:36 Failed to connect reverse shell
03:03 Why did my exploit fail?
05:46 Fixing WebApp Exploits
07:42 Bonus tips
08:50 Outro
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:h