How do i upload a shell on a website using metasploit. exploits keep failing

[bdelusions]

metasploit [] Started reverse TCP handler on 10.0.2.15:4444
[] 81.70.92.51:80 - Searching for stack canary
[] 81.70.92.51:80 - Assuming byte 0 0x00
[] 81.70.92.51:80 - Brute forcing byte 1
[+] 81.70.92.51:80 - Byte 1 found: 0x07
[] 81.70.92.51:80 - Brute forcing byte 2
[+] 81.70.92.51:80 - Byte 2 found: 0x01
[] 81.70.92.51:80 - Brute forcing byte 3
[+] 81.70.92.51:80 - Byte 3 found: 0x00
[+] 81.70.92.51:80 - Canary found: 0x00010700

[*] Exploit completed, but no session was created.

Any ideas how i can solve this?

just started ethical hacking and need to exploit a site vulnerability, upload a shell with file upload and download permissions and get a webshell for my project. and i am stuck here.
Pointers on how to go about this project would be much appreciated

[bcoles]

need to exploit a site vulnerability, upload a shell with file upload and download permissions and get a webshell for my project

The exploit/linux/http/nginx_chunked_sizemodule is probably not the correct module for your project.

metasploit [] Started reverse TCP handler on 10.0.2.15:4444

Ensure your network is configured correctly to allow reverse connections from the target to your host 10.0.2.15.

[bdelusions]

thank you for this feedback

nginx modues are limited, how can i get better nginx modules?
how do i ensure my system is configured rightly for reverse connections?

[bdelusions]

need to exploit a site vulnerability, upload a shell with file upload and download permissions and get a webshell for my project

The exploit/linux/http/nginx_chunked_sizemodule is probably not the correct module for your project.

metasploit [] Started reverse TCP handler on 10.0.2.15:4444

Ensure your network is configured correctly to allow reverse connections from the target to your host 10.0.2.15.

thank you for this feedback

nginx modues are limited, how can i get better nginx modules?
how do i ensure my system is configured rightly for reverse connections?

[h00die]

First, we have an issue template for when you submit an issue. I'd encourage you in the future to use it to provide us with additional information up front instead of us needing to ask a bunch of questions.

I'm going to take a step back. Why do you think this module will work against this target? Did openvas, nessus, banner checking, or (if it has one) the check method say the target was vulnerable? Typically web servers don't have many vulnerabilities, but the web pages themselves do. So I'd encourage you to:

1. Use a vulnerability scanner, or manually check version numbers from banners against module information pages. This will help you determine if something may be vulnerable.
2. Use burp, a browser, dirb or other tool to explore the contents of the website. If you find something like WordPress, try wpscan or other tool to determine if there are any vulnerabilities in it.
3. If you find a vulnerability, check metasploit for an exploit.