earthquake
commented
5 years ago Can you please copy the command as well with the arguments specified?
Closed thehodown closed 5 years ago
earthquake
commented
5 years ago Can you please copy the command as well with the arguments specified?
thehodown
commented
5 years ago UDVC-Server.x64.exe -p 445 -c
earthquake
commented
5 years ago Sorry for the delay, I was quite busy in the last few weeks. I managed to look into this, but I am not sure if this answers your question. I have used Win10 as the remote desktop client and Win2k8SP2/Win2k12 for the terminal server. After connecting to the terminal server (over RDP), run the command that you specified and it made the connection. I used Metasploit to verify whether the connection works or not. It worked in both cases. Win2k8SP2: msf5 auxiliary(scanner/smb/smb_version) > run
[+] 172.16.10.154:31337 - Host is running Windows 2008 Enterprise SP2 (build:6002) (name:WIN-PYLXSN4C3L1) (workgroup:WORKGROUP ) [*] 172.16.10.154:31337 - Scanned 1 of 1 hosts (100% complete)
UDVC was waiting for the threads to exit. No errors, but did not exit neither.
Win2k12: msf5 auxiliary(scanner/smb/smb_version) > run
[+] 172.16.10.154:31337 - Host is running Windows 2012 R2 Standard (build:9600) (name:WIN-GN8KNM7MNTM) [*] 172.16.10.154:31337 - Scanned 1 of 1 hosts (100% complete)
UDVC exited with the error message that you detailed, but only after the connection was closed, which is expected. [-] [RsWc] WriteFile()/WaitForSingleObject() error: 998
UDVC tool only handles one connection by one execution, this is not a SOCKS proxy or multithreaded application, where multiple connection can be made synchronously or sequentially. The main purpose of the tool was to use it with XFLTReaT, which only needs one stable connection. I think, your issue is rooted in this, that the connection was reset by one of the sides, therefor you should rerun the UDVC-Server.exe. At the moment I do not have the time to implement a SOCKS proxy under this PoC, but any contribution is appreciated.
I am going to leave this open to wait for your reaction, please let me know if this answered your problem.
thehodown
commented
5 years ago Yeah, you're absolutely right. I'm using smb-os-discovery.nse nmap script to test and first time I try it it works fine and returns data, but subsequent requests then fail unless I kill and restart the UDVC-Server.x64.exe process. I've just managed to get a connection to a Windows 7 box so i don't think those OS's are specifically a problem now either. I'll have a look at XFLTReaT in conjunction with UDVC as that looks like it'll do exactly what I need and more. Thanks for your work into these awesome projects! I'd love to contribute but my c++ skills are non-existent.
This doesn't appear to work with win2008r2/win7 on the terminal server side when trying to reach SMB, win2012r2 works fine for the same thing though. I get the following error on the server exe side in client mode (-c) using the pre-compiled x64 exe, when trying to connect to SMB (tcp 445):
[-] [RsWc] WriteFile()/WaitForSingleObject() error: 998
I didn't have the same issue when forwarding to a web server on port 80, that worked fine. However I get this with SMB on the 2 separate machines I've test using win7 and 2008r2.