STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)

[nighymighty]

Any thoughts on why by running the python zzz_exploit.py x.x.x.x becomes like this ?

[] Target OS: Windows 5.1 [+] Found pipe 'netlogon' [+] Using named pipe: netlogon Groom packets attempt controlling next transaction on x86 success controlling one transaction modify parameter count to 0xffffffff to be able to write backward leak next transaction CONNECTION: 0x8171e930 SESSION: 0xe11493f0 FLINK: 0x7bd48 InData: 0x7ae28 MID: 0xa TRANS1: 0x78b50 TRANS2: 0x7ac90 modify transaction struct for arbitrary read/write [] make this SMB session to be SYSTEM [+] current TOKEN addr: 0xe1d8c030 Bad TOKEN_USER_GROUP offsets detected while parsing tokenData! RestrictedSids: 0xe1d60c30 RestrictedSidCount: 0x1f4 userAndGroupCount: 0x4c userAndGroupsAddr: 0xe1d8c0b8 Attempting WINXP SP0/SP1 x86 TOKEN_USER_GROUP workaround userAndGroupCount: 0x3 userAndGroupsAddr: 0xe1d8c0b8 [] overwriting token UserAndGroups [] have fun with the system smb session! [-] got exception CRITICAL:root:SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.) Done

[michele-dedonno]

I am having the same error here.

Any steps forward?

If using eternalblue_exploit7.py instead, I get:

shellcode size: 1013
numGroomConn: 13
Target OS: Windows 5.1
This exploit does not support this target

[davacker]

Same here, any updates ?

[3ndG4me]

Hey everyone, sorry for the delayed reply. The reason the CRITICAL:root:SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.) error comes into play can be a variety of things:

1. Most commonly - you do not have appropriate access to a given share for SMB client to connect to. Usually the exploit targets C$ and rightly so because you should be admin. It is possible other restrictions might exists...

OR

2. There is AV of some sort stopping exploitation. Might be as simple as that.

Seeing as this is field tested daily by myself and others, there doesn't seem to be any bug in the exploit code itself. That said, if you would like to provide further data about your target's configuration @nighymighty then I might be able to determine what the root cause is in this case. That will allow me to diagnose if this is a problem with the exploit code that is new, or if it is simply that your target is correctly protected.

I'll leave this issue open for a bit to give time for your feedback, but otherwise I'll close it if it becomes inactive. Thank you!

As for @michele-dedonno observation. This is correct and expected. The other exploits do not support versions older than Windows 7. Please read each exploit code script carefully to see what targets are supported/tested. The zzz_exploit.py script uses the named pipe techniques from the eternal romance/champion/etc... variants and is NOT eternal blue, the rest are eternal blue. As such the zzz_exploit.py script supports almost every version given you have access to a named pipe, where the others attempt to exploit eternal blue on compatible systems (of which there are less). Because of this, windows XP (5.1) is only supported by the zzz_exploit.py script. Hope that helps!