Bug #809
Issue with the check command while using a specific smb exploit.
| Status: | Closed | Start date: | 02/04/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | Metasploit 3.4.0 | | |
| Resolution: | | Release Note: | |
Description
=[ metasploit v3.3.4-dev [core:3.3 api:1.0]
+ -- --=[ 501 exploits - 240 auxiliary
+ -- --=[ 192 payloads - 23 encoders - 8 nops
=[ svn r8367 updated today (2010.02.04)
msf > use windows/smb/ms05_039_pnp
msf exploit(ms05_039_pnp) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf exploit(ms05_039_pnp) > check
[*] Connecting to the SMB service...
[-] Exploit check failed: Rex::Proto::SMB::Exceptions::LoginError Login Failed: The SMB server did not reply to our request
[-] Call stack:
[-] /opt/metasploit3/msf3/lib/rex/proto/smb/simpleclient.rb:201:in `login'
[-] /opt/metasploit3/msf3/lib/msf/core/exploit/smb.rb:109:in `smb_login'
[-] (eval):125:in `pnp_probe'
[-] (eval):182:in `check'
msf exploit(ms05_039_pnp) > set rhost 192.168.200.109
rhost => 192.168.200.109
msf exploit(ms05_039_pnp) > check
[*] Connecting to the SMB service...
[-] Exploit check failed: Rex::ConnectionTimeout The connection timed out (192.168.200.109:445).
[-] Call stack:
[-] /opt/metasploit3/msf3/lib/rex/socket/comm/local.rb:251:in `create_by_type'
[-] /opt/metasploit3/msf3/lib/rex/socket/comm/local.rb:32:in `create'
[-] /opt/metasploit3/msf3/lib/rex/socket.rb:45:in `create_param'
[-] /opt/metasploit3/msf3/lib/rex/socket/tcp.rb:34:in `create_param'
[-] /opt/metasploit3/msf3/lib/rex/socket/tcp.rb:24:in `create'
[-] /opt/metasploit3/msf3/lib/msf/core/exploit/tcp.rb:95:in `connect'
[-] /opt/metasploit3/msf3/lib/msf/core/exploit/smb.rb:69:in `connect'
[-] (eval):124:in `pnp_probe'
[-] (eval):182:in `check'
msf exploit(ms05_039_pnp) > uname -r
[*] exec: uname -r
2.6.30.9
msf exploit(ms05_039_pnp) > uname -a
[*] exec: uname -a
Linux bt 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686 GNU/Linux
msf exploit(ms05_039_pnp) >
This might also occur with other SMB exploits that use the check validation to see if the host can be compromised.
If you guys need more information, don't hesitate to ask!
History
Updated by HD Moore about 2 years ago
It looks like your target system was already in a bad state; the Login failed before the check even ran. Try a fresh reboot of the target and running the check again (without exploiting it first).
Updated by Marc-Andre Meloche about 2 years ago
Well, I retried and I still get the same output; the exploit works, but I get the same errors.
Updated by HD Moore about 2 years ago
Did you run check before running the exploit, after a fresh reboot? The login error/connection refused combo only occurs if the service is dead and dying from a previous attempt.
Updated by Marc-Andre Meloche about 2 years ago
Rebooted both machines, here is the result.
msf exploit(ms05_039_pnp) > check
[*] Connecting to the SMB service...
[*] Binding to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.200.109[\browser] ...
[-] Exploit check failed: RuntimeError Could not bind to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.200.109[\browser]
[-] Call stack:
[-] /opt/metasploit3/msf3/lib/rex/proto/dcerpc/client.rb:266:in `bind'
[-] /opt/metasploit3/msf3/lib/rex/proto/dcerpc/client.rb:47:in `initialize'
[-] /opt/metasploit3/msf3/lib/msf/core/exploit/dcerpc.rb:124:in `new'
[-] /opt/metasploit3/msf3/lib/msf/core/exploit/dcerpc.rb:124:in `dcerpc_bind'
[-] (eval):129:in `pnp_probe'
[-] (eval):182:in `check'
I can see it connects, but I simply don't understand the call stack. If you say it's normal, then I apologize for the inconvenience!
Just trying to help!
Updated by HD Moore about 2 years ago
That error just indicates the target system is not running the vulnerable DCERPC component (it could not bind to it).
Updated by Marc-Andre Meloche almost 2 years ago
I have retried with a vulnerable server and everything works.
Sorry.
Updated by HD Moore almost 2 years ago
- Status changed from New to Closed
- Target version set to 18
Updated by HD Moore almost 2 years ago
- Target version changed from 18 to Metasploit 3.4.0
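The three `check` failures in this ticket can be told apart mechanically. The following is an added example, not code from the ticket or from the Metasploit project: it parses console output, extracts the exception class, the call-stack frames and the DCERPC string binding (`uuid:version@protseq:host[endpoint]`), and labels each failure with the reading given in the replies above. All function and constant names are hypothetical, and the sample lines are trimmed copies of the transcripts in this ticket.

```ruby
# Added example: triage of msfconsole `check` failures as read in this thread.
FAILURE = /^\[-\] Exploit check failed: (?<klass>[\w:]+) (?<msg>.*)$/
FRAME   = /^\[-\] (?<file>\S+):(?<line>\d+):in `(?<meth>[^']+)'/
# DCERPC string binding: uuid:version@protseq:host[endpoint]
BINDING = /(?<uuid>\h{8}(?:-\h{4}){3}-\h{12}):(?<ver>\d+\.\d+)@(?<protseq>\w+):(?<host>[^\[\s]+)\[(?<endpoint>[^\]]+)\]/

# Returns one hash per "Exploit check failed" line, with the frames that follow it.
def parse_check_failures(text)
  failures = []
  text.each_line do |raw|
    line = raw.strip
    if (m = FAILURE.match(line))
      b = BINDING.match(m[:msg])
      failures << { klass: m[:klass], message: m[:msg], frames: [],
                    binding: b && b.named_captures }
    elsif !failures.empty? && (f = FRAME.match(line))
      failures.last[:frames] << "#{File.basename(f[:file])}:#{f[:line]} #{f[:meth]}"
    end
  end
  failures
end

# Labels follow the maintainer's replies in this ticket (names are hypothetical).
def diagnose(failure)
  case failure[:klass]
  when 'Rex::ConnectionTimeout', 'Rex::Proto::SMB::Exceptions::LoginError'
    :smb_service_not_answering      # failed before the probe itself ran
  when 'RuntimeError'
    failure[:binding] ? :dcerpc_interface_not_bound : :unknown
  else
    :unknown
  end
end

# Sample input: trimmed copies of two transcripts from this ticket.
SAMPLE = <<~'LOG'
  [*] Connecting to the SMB service...
  [-] Exploit check failed: Rex::ConnectionTimeout The connection timed out (192.168.200.109:445).
  [-] /opt/metasploit3/msf3/lib/msf/core/exploit/smb.rb:69:in `connect'
  [-] (eval):182:in `check'
  [-] Exploit check failed: RuntimeError Could not bind to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.200.109[\browser]
  [-] Call stack:
  [-] /opt/metasploit3/msf3/lib/rex/proto/dcerpc/client.rb:266:in `bind'
  [-] (eval):129:in `pnp_probe'
LOG

parse_check_failures(SAMPLE).each do |f|
  puts "#{diagnose(f)}: #{f[:klass]} at #{f[:frames].first}"
end
```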