Blue- "Retired Machine"

hey guys, I was trying to crack one retired machine with no help from ippsec. so picked “BLUE” machine. stuck one place where exploit not at all running where it works for everyone on the internet inlcuding ippsec video… :wink:
pls DM if someone can help me here.

Hi I’m also having problems with the eternal blue exploit. I can complete with msf but wanted to do this with the python exploit. Am i running this wrong? here’s what i get

Microsoft Windows 7/2008 R2 - ‘EternalBlue’ SMB Remote Code Execution (MS17-010) | exploits/windows/remote/42031.py

42031.py looks promising but seems to consum all resource on the server and i have to ask for a reset

Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - ‘EternalBlue’ SMB Remote Code Execution (MS17-010) | exploits/windows/remote/42315.py

Gives me the following error

sudo python2.7 42315.py 10.10.10.40 raw.exe
[sudo] password for elevennails:
Target OS: Windows 7 Professional 7601 Service Pack 1
Traceback (most recent call last):
File “42315.py”, line 998, in
exploit(target, pipe_name)
File “42315.py”, line 834, in exploit
if not info[‘method’](conn, pipe_name, info):
File “42315.py”, line 487, in exploit_matched_pairs
fid = conn.nt_create_andx(tid, pipe_name)
File “/home/elevennails/blue/mysmb.py”, line 170, in nt_create_andx
self._last_fid = smb.SMB.nt_create_andx(self, tid, filename, smb_packet, cmd, shareAccessMode, disposition, accessMask)
File “/usr/lib/python2.7/dist-packages/impacket/smb.py”, line 3775, in nt_create_andx
if smb.isValidAnswer(SMB.SMB_COM_NT_CREATE_ANDX):
File “/usr/lib/python2.7/dist-packages/impacket/smb.py”, line 717, in isValidAnswer
raise SessionError, (“SMB Library Error”, self[‘ErrorClass’] + (self[‘_reserved’] << 8), self[‘ErrorCode’], self[‘Flags2’] & SMB.FLAGS2_NT_STATUS, self)
impacket.smb.SessionError: SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an object but has not been granted those access rights.)

I’ve tried with python, python2.7 and python3

I have installed the MYSMB functions and get this with no options

python 42315.py
42315.py [pipe_name]

Can anyone point me in the right direction out side of msf :wink:

did you try that :

let me know if you succeed or not

Type your comment> @peek said:

did you try that :
GitHub - lokendrasinghrawat/AutoBlue-MS17-010: This is just an semi-automated fully working, no-bs, non-metasploit version of the public exploit code for MS17-010 AKA EternalBlue
let me know if you succeed or not

I concur with peek…

@peek Sorry for reviving this old thread, I have a question. I can’t seem to get Auto blue to get a reverse connection. The exploit succeeds and everything works as expected on the exploit side. But NC listener doesn’t pop a shell which is expected.

I also looked at a write-up and just can’t figure out, why auto blue doesn’t return a shell

i > @goonerhound said:

@peek Sorry for reviving this old thread, I have a question. I can’t seem to get Auto blue to get a reverse connection. The exploit succeeds and everything works as expected on the exploit side. But NC listener doesn’t pop a shell which is expected.

I also looked at a write-up and just can’t figure out, why auto blue doesn’t return a shell

well I dont know

Apparently it was a corrupted box. I had to do multiple resets/terminate and restart to get it to work along with any other manual exploits.