Metasploit mailing list archives

Problem between 2.5 and 3 Alpha 2 - dcom_ms03_026

From: masterl_dae at gmx.de (Christian Liesegang)
Date: Tue, 17 Jan 2006 20:19:05 +0100

Well, to be sure I installed the 2.5 Framework on my Linux Box, too. It 
works as intended, but to be sure I deactivated the firewall. You we're 
right it was activated, but because 2.5 exploits work even with  an 
activated firewall it would be very strange if it might not work with 
3.0. So I deactivated the firewall, but still the 3.0 exploit fails with 
the same fault:
    Exploit failed: DCERPC FAULT => 0x000006f7

ken zo schrieb:

I don't know if this will help, but did you check to make sure that 
the Firewall was disabled?
I believe Suse10 automatically starts the firewall by default and 
doesn't open any ports.

From: Christian Liesegang <masterl_dae at gmx.de>
To: framework at metasploit.com
Subject: [framework] Problem between 2.5 and 3 Alpha 2  - dcom_ms03_026
Date: Mon, 16 Jan 2006 20:50:15 +0100
MIME-Version: 1.0
Received: from sugar.14x.net ([66.234.161.200]) by 
bay0-mc5-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); 
Mon, 16 Jan 2006 11:52:28 -0800
Received: (qmail 13063 invoked by uid 1006); 16 Jan 2006 13:49:49 -0600
Received: (qmail 227 invoked from network); 16 Jan 2006 13:49:48 -0600
X-Message-Info: 6sSXyD95QpX04MKU6OaDr48jtjOIxnxsvF218/AfFAU=
Mailing-List: contact framework-help at metasploit.com; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <mailto:framework at metasploit.com>
List-Help: <mailto:framework-help at metasploit.com>
List-Unsubscribe: <mailto:framework-unsubscribe at metasploit.com>
List-Subscribe: <mailto:framework-subscribe at metasploit.com>
Delivered-To: mailing list framework at metasploit.com
X-Authenticated: #1867461
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: de-DE, de, en-us, en
X-Y-GMX-Trusted: 0
Return-Path: framework-return-818-kenzo_chin=hotmail.com at metasploit.com
X-OriginalArrivalTime: 16 Jan 2006 19:52:28.0854 (UTC) 
FILETIME=[618C3560:01C61AD6]

Hello
, during the last weeks I experimented with the 2.5 framework using 
the windows version and exploited
successfully a window 2000 in a virtual machine. Now I set up a Suse 
10 in a Virual Maschine, too. I tried
to play around with the Framework 3.0 and tried the same exploit 
(dcom_ms03_026) on the same w2k box from the SuSE 10, but this time I 
got:
[*] Started reverse handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 
4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.152.3[135] 
...
[*] Bound to 
4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0 at ncacn_ip_tcp:192.168.152.3[135] 
...
[*] sending exploit ...
[-] Exploit failed: DCERPC FAULT => 0x000006f7

My SuSE Box comes with Ruby 1.8.2 so I think it should work. While 
the 3.0 fails, I could exploit with the 2.5 again and again.
I would be very thankful if someone could give my a hint.

Regards



_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's 
FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Current thread:

Problem between 2.5 and 3 Alpha 2 - dcom_ms03_026 Christian Liesegang (Jan 16)
- Problem between 2.5 and 3 Alpha 2 - dcom_ms03_026 H D Moore (Jan 16)
- Problem between 2.5 and 3 Alpha 2 - dcom_ms03_026 ken zo (Jan 16)
  - Problem between 2.5 and 3 Alpha 2 - dcom_ms03_026 Christian Liesegang (Jan 17)