
Improve wmiexec to handle invalid password scenario and hashes

Open • adfoster-r7 opened this issue 2 years ago • 1 comment

Summary

Improving invalid credential UX

When the credentials are invalid, there's no indication to the user:

msf6 auxiliary(scanner/smb/impacket/wmiexec) > run smb://Administrator:[email protected] command=dir

[*] Running for 192.168.123.25...
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

In comparison to using impacket directly:

python3 ~/impacket/examples/wmiexec.py 'adf3.local/Administrator:[email protected]'
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[-] SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)

Specifying hashes

There's also no way to specify hashes in the wmiexec module:

msf6 auxiliary(scanner/smb/impacket/wmiexec) > options

Module options (auxiliary/scanner/smb/impacket/wmiexec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   COMMAND                     yes       The command to execute
   OUTPUT     true             yes       Get the output of the executed command
   RHOSTS                      yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     yes       The password for the specified username
   SMBUser                     yes       The username to authenticate as
   THREADS    1                yes       The number of concurrent threads (max one per host)

In comparison to using impacket directly:

python3 ~/impacket/examples/wmiexec.py adf3.local/[email protected] -hashes 'aad3b435b51404eeaad3b435b51404ee:32ede47af254546a82b1743953cc4950' 
Impacket v0.9.22 - Copyright 2020 SecureAuth Corporation

[*] SMBv3.0 dialect used
[!] Launching semi-interactive shell - Careful what you execute
[!] Press help for extra shell commands
C:\>

adfoster-r7 • Feb 24 '22 12:02

Is there any ongoing effort on this issue? I'd like to contribute if not!

SwapnilKumbhar • Oct 08 '22 00:10