Metasploit mailing list archives
Re: bug in smb_lookupsid.rb
From: Robin Wood <robin () digininja org>
Date: Thu, 12 Aug 2010 16:50:26 +0100
On 12 August 2010 16:12, Robin Wood <robin () digininja org> wrote:
> On 12 August 2010 16:01, HD Moore <hdm () metasploit com> wrote:
>> On 8/12/2010 9:52 AM, Robin Wood wrote:
>>> On 12 August 2010 15:49, HD Moore <hdm () metasploit com> wrote:
>>>> On 8/12/2010 9:41 AM, Robin Wood wrote:
>>>>> On 12 August 2010 15:37, HD Moore <hdm () metasploit com> wrote:
>>>>>> On 8/12/2010 6:49 AM, Robin Wood wrote:
>>>>>>> It can't get any users from my domain but the fix below looks correct.
>>>>>>
>>>>>> Set the SMBUser/SMBPass to get it working on newer windows (requires
>>>>>> authentication to lookupSid now)
>>>>>
>>>>> I thought it should do but didn't get those as options
>>>>>
>>>>> msf auxiliary(smb_lookupsid) > show options
>>>>
>>>> Those are advanced options by default (show advanced)
>>>
>>> OK, will give that a try. Should they be moved into normal options as they
>>> are now required for some versions?
>>
>> Done. r9981.
>
> Thanks I'll give it a go.
Still no luck, the details are correct as it's my lab and I've just logged in with them and checked it. 10.1.1.2 is a domain controller I've pivoted to through meterpreter on 10.1.1.5.

msf auxiliary(smb_lookupsid) > show options

Module options:

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS     10.1.1.2         yes       The target address range or CIDR identifier
   SMBDomain  corpnet          no        The Windows domain to use for authentication
   SMBPass    xxx              no        The password for the specified username
   SMBUser    Administrator    no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(smb_lookupsid) > exploit

Error: 10.1.1.2 Rex::Proto::SMB::Exceptions::ErrorCode The server responded with error: STATUS_ACCESS_DENIED (Command=117 WordCount=0)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Just to check I port forwarded 445 from 10.1.1.2 through to my localhost then checked shares, it worked fine.

smbclient -L localhost -U administrator
Enter administrator's password:
Domain=[CORPNET] OS=[Windows Server (R) 2008 Standard 6001 Service Pack 1] Server=[Windows Server (R) 2008 Standard 6.0]

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        IPC$            IPC       Remote IPC
        NETLOGON        Disk      Logon server share
        Public          Disk
        share2          Disk
        shared          Disk
        SYSVOL          Disk      Logon server share
        Users           Disk
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
NetBIOS over TCP disabled -- no workgroup available

Any ideas?

An extra thing I've come across, how do you remove a port forward? I added

portfwd add -l 445 -p 445 -r 10.1.1.2
[*] Local TCP relay created: 0.0.0.0:445 <-> 10.1.1.2:445

and assumed delete would be

portfwd del -l 445 -p 445 -r 10.1.1.2

but no luck, no other options I tried worked either.

Robin