Hello! So I rooted my first 14 boxes last week and now I’m going back to do them again without metasploit. I first did lame which took me forever to realize I just needed to change the shebang to python3 and run it with python3. I tried that same thing again on legacy, but I get the error:
File "ms17-010-exploit.py", line 83, in
ntfea10000 = pack('<BBH', 0, 0, 0xffdd) + 'A'*0xffde
TypeError: can't concat str to bytes
I assume I got lucky with Lame and can’t simply change the shebang and expect it to work without changing the syntax that was removed/added during the transition to python 3?
I did ‘apt search impacket’ and the only relevant option was python3-impacket which was already installed. I was kind of expecting an option for python-impacket…I’m pretty confused about the whole eol thing with python 1 & 2.
Maybe manual exploits are just too advanced for me at this point but it seems like making minor changes to the exploit code is the real trick to exploiting unpatched boxes so I really want to get this. Any help would be greatly appreciated!!
I assume I got lucky with Lame and can’t simply change the shebang and expect it to work without changing the syntax that was removed/added during the transition to python 3?
You did. There is normally a lot more which needs changing. For example, print needs to be print(), etc.
There is a script 2to3 which might help but like any automated process, it can miss critical things.
In your current issue, it is possibly down to how python3 has changed the way it treats strings to bytes. You might need to add some .decode() bits or you might need to do some other things, it depends on the exact nature of the problem.
Realistically you need to work through the script and fully understand what it is doing, then you can identify the bits that need changing.
It is very rare to be as simple as changing the first line.
I did ‘apt search impacket’ and the only relevant option was python3-impacket which was already installed.
Your script might be looking for the python2 libraries. It starts to get messy when you combine parts of python2 and python3 in the same script and you need to be clear which you are calling. If you have python2 and python3, you might find python2 is the default so if you run python script.py it ignores the shebang line and tries to run with python 2.
The shebang line only really matters if you run the script as a standalone executable.
Maybe manual exploits are just too advanced for me at this point but it seems like making minor changes to the exploit code is the real trick to exploiting unpatched boxes so I really want to get this. Any help would be greatly appreciated!!
Manual exploitation makes a significant difference between people who can click-pwn and people who can work out how to exploit a target.
Instead of changing it from python to python3, why can’t I just run the original python script? When I try ‘python myscript.py’ it says I’m missing impacket, so I followed the quick start instructions on the link you provided and tried ‘pip install impacket’ but it just said it is already installed in python3 (even though I assumed pip3 is what installs things to python3).
From what I read it looks like python2 (which is what I understand to be just python) is no longer on debian/kali, and therefore needs to be added manually. I found this link Using EoL Python Versions on Kali | Kali Linux Documentation but it says “When we want to swap back to Python 3, we just need to set the global to be system.” and I’m too much of a noob to know how to do that.
Is it true that I am missing python2 or am I just missing impacket in the proper python2 folder?
Instead of changing it from python to python3, why can’t I just run the original python script?
You can.
When I try ‘python myscript.py’ it says I’m missing impacket, so I followed the quick start instructions on the link you provided and tried ‘pip install impacket’ but it just said it is already installed in python3 (even though I assumed pip3 is what installs things to python3).
It is likely that your default pip is python3-pip. It is also likely that your default python is Python3.
From what I read it looks like python2 (which is what I understand to be just python) is no longer on debian/kali, and therefore needs to be added manually.
Ok, I refused to upgrade Kali since the 2020 build broke the root login so I don’t know what is current.
The link talks about using python virtual environments, which is a good idea and certainly worth learning about if you want to use python in a complex manner.
In a nutshell, you set up a virtual environment with pyenv and then install python 2 into the environment. Then you can run scripts (or use pip to install modules) for python2 without breaking the python3 install in your live environment.
Is it true that I am missing python2 or am I just missing impacket in the proper python2 folder?
With a recent upgrade on Kali, many Python2 packages have been removed (including pip2) and only a bare minimum of modules remained. In order to get pip2 back (it was removed from the repositories), download the tar archive from PyPI: pip · PyPI
Extract it, and then run sudo python2 setup.py. Afterwards, you can install Python2 packages (e.g. impacket) with pip2 again.
Regarding the initial issue (and when you wanted to run the script with Python3):
File "ms17-010-exploit.py", line 83, in
ntfea10000 = pack('<BBH', 0, 0, 0xffdd) + 'A'*0xffde
TypeError: can't concat str to bytes
In python3, pack returns a byte string, so you would need to change this line (and similar ones) to:
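As an added illustration (not code from the thread or from the script being discussed), the following shows the old Python 2 idiom failing under Python 3, the ported line with a bytes filler, and a small `as_bytes` / `join_mixed` helper pair (names are ours) for porting scripts that mix str and bytes fragments:

```python
from struct import pack

def build_py2_style(filler_len):
    """The Python 2 idiom from the traceback: pack() output concatenated with
    a str literal. Under Python 3 pack() returns bytes and 'A' is str, so
    this raises TypeError: can't concat str to bytes."""
    return pack('<BBH', 0, 0, 0xffdd) + 'A' * filler_len

def build_py3_style(filler_len):
    """Ported line: the filler is a bytes literal, so both operands are bytes."""
    return pack('<BBH', 0, 0, 0xffdd) + b'A' * filler_len

def as_bytes(value, encoding='latin-1'):
    """Porting helper (hypothetical name): turn str into bytes, leave bytes alone.
    latin-1 maps code points 0-255 one-to-one onto bytes, which is what
    Python 2 str literals such as '\\xff' meant."""
    if isinstance(value, bytes):
        return value
    return value.encode(encoding)

def join_mixed(*parts):
    """Join a mix of str and bytes fragments into one bytes object, the
    way Python 2 '+' did implicitly."""
    return b''.join(as_bytes(p) for p in parts)

def py2_style_raises():
    """Return the TypeError message Python 3 produces for the old idiom,
    or None if it unexpectedly succeeded."""
    try:
        build_py2_style(4)
    except TypeError as exc:
        return str(exc)
    return None

if __name__ == '__main__':
    print(py2_style_raises())                        # can't concat str to bytes
    print(build_py3_style(4))                        # b'\x00\x00\xdd\xffAAAA'
    print(join_mixed(pack('<H', 1), 'AB', '\xff'))   # b'\x01\x00AB\xff'
```

The same pattern applies to every line in a ported script that builds a buffer from `pack()` output plus string literals: make the literal `b'...'`, or route mixed fragments through a helper like `join_mixed`.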
IT WORKED! I really appreciate the help you two provided. This was my first post on the forum and I have to say it feels great to get help from the community and to get something working after having spent so much time pulling my hair out.
TazWake, checking the version to see what’s installed was a huge help, I kept looking in my usr/bin folder and all the different python folders just made me more confused. I remember coming across the whole version thing before but I totally forgot about it. I kept thinking python2 wasn’t there at all but, as the -V switch showed and as HomeSun pointed out, it’s there, it just doesn’t have many modules, like pip.