search

moloch54 / b4blood

Finds Domain Controller on a network, enumerates users, AS-REP Roasting and hash cracking, bruteforces password, dumps AD users, DRSUAPI, scans SMB/NFS shares for passwords, scans for remote accesses, dumps NTDS.dit.
18 stars 2 forks source link

rpcdump.py: not found #5

Closed sec13b closed 10 months ago

sec13b commented 11 months ago

[] NTP synchronizing with the DC for Kerberos
2023-10-11 11:37:32.980950 (-0400) -402.774280 +/- 0.125429 172.20.121.10 s1 no-leap
CLOCK: time stepped by -402.774280
[] scanning SMB vulns
[] scanning for spooler (printernightmare)
sh: 1: rpcdump.py: not found
[] scanning for anonymous smb shares --> /smb_dump
image

and second : [] Looking for LDAP null bind
Operations error (1)
Additional information: 000004DC: LdapErr: DSID-0C090AE1, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
[] bruteforcing LDAP SID with '' session

sec13b commented 11 months ago

Also can you share AD_exploit.py and cve-2020-1472-exploit.py that you use? Line 135 printf(" Need an interface! sudo AD_exploit.py --internal -i eth0",red) Line 701 #os.system(f"python cve-2020-1472-exploit.py {CN.split('.')[0]} {ip_to_scan}")

sec13b commented 11 months ago

Suggestion : After line 703 and 704 to add :

printf(" scanning MS17-010",green) os.system(f"crackmapexec smb {ip_to_scan} -u '' -p '' -M ms17-010")

https://github.com/lcn-m/cme-ms17-010-module

moloch54 commented 11 months ago

Hi,

I think your crackmapexec is badly installed

Le mer. 11 oct. 2023 à 17:47, Sec13B @.***> a écrit :

[

] NTP synchronizing with the DC for Kerberos 2023-10-11 11:37:32.980950 (-0400) -402.774280 +/- 0.125429 172.20.121.10 s1 no-leap CLOCK: time stepped by -402.774280 [] scanning SMB vulns [

] scanning for spooler (printernightmare) sh: 1: rpcdump.py: not found [] scanning for anonymous smb shares --> /smb_dump [image: image] https://user-images.githubusercontent.com/123419537/274338256-3423bf28-b0ff-4897-9e99-1e0aeb5b87ca.png

and second : [

] Looking for LDAP null bind Operations error (1) Additional information: 000004DC: LdapErr: DSID-0C090AE1, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839 [] bruteforcing LDAP SID with '' session

— Reply to this email directly, view it on GitHub https://github.com/moloch54/b4blood/issues/5, or unsubscribe https://github.com/notifications/unsubscribe-auth/A5LFDEDEFFNFVHUZSROQPLTX625P3ANCNFSM6AAAAAA54HBPMA . You are receiving this because you are subscribed to this thread.Message ID: @.***>