From 701236922870747580407f5bf9a9c25d688d1b54 Mon Sep 17 00:00:00 2001 From: PrincessPi3 Date: Sat, 27 Jun 2026 19:05:10 -0600 Subject: [PATCH] ahh fuck that gay horse is here to ruin my day again :3 --- ... (# Edit conflict 2026-06-27 npidliC #).md | 3 + Notes-Scratch-Prose.md | 4 ++ build-notes.md | 9 +++ ...ndicating-eternalbliue-not-exploitable.txt | 67 +++++++++++++++++++ 4 files changed, 83 insertions(+) create mode 100644 Notes-Scratch-Prose (# Edit conflict 2026-06-27 npidliC #).md create mode 100644 Notes-Scratch-Prose.md create mode 100644 build-notes.md create mode 100644 nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt diff --git a/Notes-Scratch-Prose (# Edit conflict 2026-06-27 npidliC #).md b/Notes-Scratch-Prose (# Edit conflict 2026-06-27 npidliC #).md new file mode 100644 index 0000000..dae5c36 --- /dev/null +++ b/Notes-Scratch-Prose (# Edit conflict 2026-06-27 npidliC #).md @@ -0,0 +1,3 @@ +# Notes, Scratch, Prose +- while method doesnt re-activate eternalblue risks, it _does_ demonsterably re-enable smb1 as is demonstrated by nmap scanms. +- \ No newline at end of file diff --git a/Notes-Scratch-Prose.md b/Notes-Scratch-Prose.md new file mode 100644 index 0000000..730091e --- /dev/null +++ b/Notes-Scratch-Prose.md @@ -0,0 +1,4 @@ +# Notes, Scratch, Prose +- while method doesnt re-activate eternalblue risks, it _does_ demonsterably re-enable smb1 as is demonstrated by [nmap scan](nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt). +- next trick will be to dig deep and find out what else this method can enable + - maybe even leverage into exploitability :3 \ No newline at end of file diff --git a/build-notes.md b/build-notes.md new file mode 100644 index 0000000..36e6c85 --- /dev/null +++ b/build-notes.md @@ -0,0 +1,9 @@ +# NJL'S SMB1-Fucker +1. gcc for win downloaded from here https://sourceforge.net/projects/gcc-win64/ +2. extracted to downdoots via 7zip +3. ran test-mingw64.bat + 1. built a bunch of exes ig +4. copied weapon.c to gcc bs dir +5. `bin/gcc.exe weapon.c` compiles to `a.exe` which is da active exploit +6. running `a.exe` quickly spams some shit and reboots box, preboot text indicating installation of a new feature +7. did it not ask for uac? am i crazy? todo: test \ No newline at end of file diff --git a/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt b/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt new file mode 100644 index 0000000..ac1c628 --- /dev/null +++ b/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt @@ -0,0 +1,67 @@ +nmap -sV -p139,445 --script smb-protocols,vuln,vulners 10.0.0.62 + +Starting Nmap 7.99 ( https://nmap.org ) at 2026-06-27 18:41 -0600 +Stats: 0:01:19 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan +NSE Timing: About 99.63% done; ETC: 18:42 (0:00:00 remaining) +Nmap scan report for 10.0.0.62 +Host is up (0.00064s latency). + +PORT STATE SERVICE VERSION +139/tcp open netbios-ssn Microsoft Windows netbios-ssn +|_smb-enum-services: ERROR: Script execution failed (use -d to debug) +445/tcp open microsoft-ds Windows 10 Pro 26200 microsoft-ds (workgroup: WORKGROUP) +|_smb-enum-services: ERROR: Script execution failed (use -d to debug) +Service Info: Host: PRINCESSPI-DESK; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +| smb-protocols: +| dialects: +| NT LM 0.12 (SMBv1) [dangerous, but default] +| 2.0.2 +| 2.1 +| 3.0 +| 3.0.2 +|_ 3.1.1 +|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED +| smb-brute: +| administrator: => Valid credentials, account disabled +|_ guest: => Valid credentials, account disabled +|_smb-print-text: false +|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED +|_smb-vuln-ms10-054: false +| smb-security-mode: +| account_used: +| authentication_level: user +| challenge_response: supported +|_ message_signing: required +| smb-enum-shares: +| note: ERROR: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED) +| account_used: +| \\10.0.0.62\ADMIN$: +| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED +| Anonymous access: +| \\10.0.0.62\C$: +| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED +| Anonymous access: +| \\10.0.0.62\D$: +| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED +| Anonymous access: +| \\10.0.0.62\E$: +| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED +| Anonymous access: +| \\10.0.0.62\IPC$: +| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED +|_ Anonymous access: READ +|_smb-flood: ERROR: Script execution failed (use -d to debug) +| smb-os-discovery: +| OS: Windows 10 Pro 26200 (Windows 10 Pro 6.3) +| OS CPE: cpe:/o:microsoft:windows_10::- +| Computer name: PrincessPi-Desk +| NetBIOS computer name: PRINCESSPI-DESK\x00 +| Workgroup: WORKGROUP\x00 +|_ System time: 2026-06-27T18:42:59-06:00 +| smb-mbenum: +|_ ERROR: Call to Browser Service failed with status = 2184 + +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +Nmap done: 1 IP address (1 host up) scanned in 96.15 seconds