Open jaykijay opened 3 years ago
Were you previously hosting an SMB server from the IP address it tries to connect to?
I received the ERROR_BAD_NET_NAME error when I already had smbd running. When I turned smbd off, it went away.
I also received a different error when I had impacket-smbserver running:
Got unexpected response: RPRN SessionError: unknown error code: 0x180
Running in docker the target host will try to connect back to the docker container IP using SMB and fails:
[itwasalladream] DEBUG - Attempting DLL execution \\172.17.0.2\itwasalladream\bogus.dll
The target won't be able to resolve the docker container IP.
Yup and that's fine cause we're not actually exploiting anything. We just need to pass a UNC path to the RPC call in order to determine if it's exploitable based on the response of the RPC call. The UNC path doesn't need to point to a valid share/file as we can determine if it's vulnerable regardless.
I can try to reproduce this in my lab but you might just want to try running it from a host where you haven't hosted an SMB server before.
Yes, I can see the script checks for ERROR_BAD_NETPATH in the RPC exception and uses that to determine vulnerability. Would ERROR_BAD_NET_NAME also be a vulnerable case? I have seen that error before when using a bad share name.
In my case I am using Kali with the smbd service stopped. I am using ItWasAllADream via a docker container. I will want a valid smbd share service available for actual exploitation during an engagement if this tool successfully finds a target.
Hi, thanks for your work,
I always get the error message "ERROR_BAD_NET_NAME - The network name cannot be found."
Running it in debug mode shows me the IP it tries to connect to, which is the right one and is reachable from the target machine.
I tried running it with docker and in Dev Mode and get the same result sadly.
There is no firewall in between and the target is vulnerable.
Do you have any idea?