Open des32 opened 7 years ago
Dionaea does capture payloads that are uploaded via the DoublePulsar backdoor, but I'm not sure if it could play well with the initial EternalBlue exploit. Maybe @gento could answer it.
@des32, I just did a quick check with Dionaea and eternalblue_doublepulsar.rb (ElevenPaths). It is working on my new Dionaea installation from https://github.com/DinoTools/dionaea. I had the payload sitting in /binaries after the check.
I am wondering what is the possible root cause for your setup.
I have not tried with the latest Metasploit official ms17-101 module.
I can confirm I captured some wild samples through Dionaea.
I tried the windows/smb/ms17_010_eternalblue module of Metasploit, but it did not work. It shows "Exploit completed, but no session was created.", and /binaries is empty.
> I tried the windows/smb/ms17_010_eternalblue module of Metasploit, but it did not work. It shows "Exploit completed, but no session was created.", and /binaries is empty.

Hi, have you figured it out? Because I have the same problem. Kind regards!
> @des32, I just did a quick check with Dionaea and eternalblue_doublepulsar.rb (ElevenPaths). It is working on my new Dionaea installation from https://github.com/DinoTools/dionaea. I had the payload sitting in /binaries after the check.
> I am wondering what is the possible root cause for your setup.
> I have not tried with the latest Metasploit official ms17-101 module.

Hi, I need to verify that I can upload samples. How exactly did you manage that? Kind regards!
ISSUE TYPE
DIONAEA VERSION
CONFIGURATION
SMB server configured as Windows 7, with default values.
OS / ENVIRONMENT
SUMMARY
I've tried to test WannaCry detection by configuring an SMB server on Dionaea as Windows 7. To test it, two possible exploits have been used: the one from ElevenPaths (the one recommended in #104), and the one from Metasploit. Both of them recognized the SMB server as exploitable, but neither of them left any payload in /binaries.
STEPS TO REPRODUCE
Exploit https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit/blob/master/eternalblue_doublepulsar.rb
EXPECTED RESULTS
Payload stored in /binaries
Is the Dionaea implementation supposed to record the payload on a WannaCry attack? Best regards