9 Comments on Exploit MS17-010 vulnerability on Windows Server 2012/2016 using Metasploit + TheFatRat

  1. I used it with another exploit for Windows 10, but it still doesn't work for me. In the test, the Windows 10 machine has no password (I removed the default one) and I disabled the Windows firewall, and it still doesn't work. If you can, please help me, thanks. Below I leave the error message that I get.

    root@MaquinaKali2018:~/programas/MS17-010# python 42315.py 192.168.1.64 spoolss

    Traceback (most recent call last):

    File "42315.py", line 998, in <module>

    exploit(target, pipe_name)

    File "42315.py", line 796, in exploit

    conn.login(USERNAME, PASSWORD, maxBufferSize=4356)

    File "/root/programas/MS17-010/mysmb.py", line 152, in login

    smb.SMB.login(self, user, password, domain, lmhash, nthash, ntlm_fallback)

    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 3340, in login

    self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)

    File "/root/programas/MS17-010/mysmb.py", line 160, in login_extended

    smb.SMB.login_extended(self, user, password, domain, lmhash, nthash, use_ntlmv2)

    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 3277, in login_extended

    if smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX):

    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 712, in isValidAnswer

    raise SessionError, ("SMB Library Error", self['ErrorClass'] + (self['_reserved'] << 8), self['ErrorCode'], self['Flags2'] & SMB.FLAGS2_NT_STATUS)

    impacket.smb.SessionError: SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)

    If I'm not mistaken, it says the user is wrong, but that's not true, since just as a test I copied it from the Windows machine, not with nmap -A (victim IP), and it still doesn't work. If you can help me, thank you very much, and thanks for your attention.

    Here is the link to the exploit I'm using for my test: https://www.exploit-db.com/exploits/42315

  2. How did you know there is a user called Guest? And how did you know his password?
    Suppose you are hacking that system. What I knew is that you use the exploit without knowing anything, and use mimikatz to get the local user's password. In your example you didn't do that. Correct me if I'm wrong, please.

  3. Thank you for the video.
    How do you proceed to do this if the server is behind a firewall like pfSense?

  4. Could someone tell me what this error message is?

    Traceback (most recent call last):
     File "zzz_exploit.py", line 996, in <module>
     exploit (target, pipe_name)
     File "zzz_exploit.py", line 787, in exploit
     conn = MYSMB (target)
      File "/root/eternalromance/MS17-010/mysmb.py", line 118, in _init_
     smb.SMB .__ init __ (self, remote_host, remote_host, timeout = timeout)
     File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 2402, in _init_
       self.neg_session ()
     File "/root/eternalromance/MS17-010/mysmb.py", line 147, in neg_session
      smb.SMB.neg_session (self, extended_security = self .__ use_ntlmv2, negPacket = negPacket)
     File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 2605, in neg_session
    smb = self.recvSMB ()
      File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 2473, in recvSMB
      r = self._sess.recv_packet (self .__ timeout)
      File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 855, in recv_packet
        data = self .__ read (timeout)
      File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 933, in __read
     data = self.read_function (4, timeout)
      File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 918, in non_polling_read
      raise NetBIOSTimeout
    impacket.nmb.NetBIOSTimeout: The NETBIOS connection with the remote host timed out.

  5. What does spoolss mean?

  6. What about x64 shellcode?

  7. Sir, can you give me an example of a command to exploit with eternalblue7 or 8_exploit.py? What is the shellcode file, any payload .bat or .exe, and should I edit anything in the .py file before running it?

  8. Traceback (most recent call last):
    File "eternalblue8_exploit.py", line 568, in <module>
    exploit(TARGET, sc, numGroomConn)
    File "eternalblue8_exploit.py", line 454, in exploit
    conn.login(USERNAME, PASSWORD)
    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 3340, in login
    self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)
    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 3277, in login_extended
    if smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX):
    File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 712, in isValidAnswer
    raise SessionError, ("SMB Library Error", self['ErrorClass'] + (self['_reserved'] << 8), self['ErrorCode'], self['Flags2'] & SMB.FLAGS2_NT_STATUS)
    impacket.smb.SessionError: SMB SessionError: STATUS_ACCOUNT_RESTRICTION(Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).
