AutoBlue-MS17-010 icon indicating copy to clipboard operation
AutoBlue-MS17-010 copied to clipboard

Published 20 hours ago verified publisher icon 3ndG4me

TypeError: can't concat str to bytes on Python 3.9.7, latest impacket, clean Miniconda docker environment

Open my-other-github-account opened this issue 3 years ago • 2 comments

Hello,

I am having an issue with the Relevant CTF (https://tryhackme.com/room/relevant) using AutoBlue. I see some walkthroughs using it successfully - so the command should work.

As requested, I have filed this as a new issue, as this indeed does occur in latest impacket, latest Python, in a clean Miniconda docker environment (as well as on my host, Kali Linux 2021.1).

The following steps will reproduce this issue:

docker run -i -t continuumio/miniconda3 /bin/bash
conda create -n py397 python=3.9.7
conda activate py397
pip install git+https://github.com/SecureAuthCorp/impacket
git clone https://github.com/3ndG4me/AutoBlue-MS17-010.git
cd AutoBlue-MS17-010
python3 zzz_exploit.py 'RELEVANT/Bill:[email protected]'

Yielding the following results:

[*] Target OS: Windows Server 2016 Standard Evaluation 14393
[-] Could not open /usr/share/metasploit-framework/data/wordlists/named_pipes.txt, trying hardcoded values
[+] Found pipe 'netlogon'
[+] Using named pipe: netlogon
Traceback (most recent call last):
  File "/AutoBlue-MS17-010/zzz_exploit.py", line 1112, in <module>
    main()
  File "/AutoBlue-MS17-010/zzz_exploit.py", line 1109, in main
    exploit(options.target_ip, int(options.port), username, password, options.pipe, options.share, options.mode)
  File "/AutoBlue-MS17-010/zzz_exploit.py", line 980, in exploit
    if not info['method'](conn, pipe_name, info):
  File "/AutoBlue-MS17-010/zzz_exploit.py", line 469, in exploit_matched_pairs
    info.update(leak_frag_size(conn, tid, fid))
  File "/AutoBlue-MS17-010/zzz_exploit.py", line 313, in leak_frag_size
    req1 = conn.create_nt_trans_packet(5, param=pack('<HH', fid, 0), mid=mid, data='A'*0x10d0, maxParameterCount=GROOM_TRANS_SIZE-0x10d0-TRANS_NAME_LEN)
  File "/AutoBlue-MS17-010/mysmb.py", line 375, in create_nt_trans_packet
    _put_trans_data(transCmd, param, data, noPad)
  File "/AutoBlue-MS17-010/mysmb.py", line 83, in _put_trans_data
    transData += (b'\x00' * padLen) + data
TypeError: can't concat str to bytes

Thank you for your time.

my-other-github-account avatar Sep 26 '21 16:09 my-other-github-account

I'm on Python 3.9.9. Same problem.

Tried to fix it, no luck.

transData = "".join(map(chr,(b'\x00' * padLen))) + str(parameters)

transData += "".join(map(chr,(b'\x00' * padLen))) + str(data)

# req = str(pkt)
req = pkt.getData()
return b'\x00'*2 + pack('>H', len(req)) + req  # assume length is <6553

A1vinSmith avatar Feb 02 '22 05:02 A1vinSmith

You can't use the mysmb.py outside the repo. ZZZ works for me now

A1vinSmith avatar Feb 02 '22 06:02 A1vinSmith

Can you please elaborate on how you managed to get it working? Facing the same issue. But I am executing the python code from the directory that contains the mysmb.py.

Edit: somehow it just suddenly worked, I am not aware of having changed anything

r-erd avatar Dec 05 '22 14:12 r-erd

managed

I just used the zzz.py it worked. If it ask some dependencies, pip3 install them. If still not working, google the error and download some scripts to replace those not workings.

A1vinSmith avatar Dec 05 '22 19:12 A1vinSmith

Closing this as it seems to just be a dependency issue case by case. If anyone would like to contribute a resolution I am open to cleaning up issues that cause dependency workflow problems, but personally I never encounter these problems, and if I do it's usually a quick fix like @A1vinSmith suggested.

Feel free to open a new issue or a PR with a contribution in the future if desired!

3ndG4me avatar Jan 08 '23 21:01 3ndG4me