Re: bug in smb_lookupsid.rb

[Robin Wood <robin () digininja org>]

On 12 August 2010 17:02, HD Moore <hdm () metasploit com> wrote:
> On 8/12/2010 10:50 AM, Robin Wood wrote:
> > Still no luck, the details are correct as its my lab and I've just
> > logged in with them and checked it. 10.1.1.2 is a domain controller
> > I've pivoted to through meterpreter on 10.1.1.5.
>
> Try unsetting SMBDomain, that is the only difference that I can see
> between smbclient and Metasploit. If that still fails, its likely a case
> where you can't use lookupsid for some other reason -- however, you
> should be able to use smb_enumusers.rb

Tried both of those and both failed with the same error.

Seeing as I had the port forwarded I tried setting rhosts to localhost
and that doesn't give me any authentication errors but also doesn't
give me any information back, don't know if that implies anything.


msf auxiliary(smb_lookupsid) > show options

Module options:

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS     localhost        yes       The target address range or
CIDR identifier
   SMBDomain                   no        The Windows domain to use for
authentication
   SMBPass    xxx       no        The password for the specified username
   SMBUser    Administrator    no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(smb_lookupsid) > exploit

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework