Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f200fe9b3f | |||
| 259c54acac | |||
| 7012369228 |
@@ -0,0 +1,4 @@
|
|||||||
|
build
|
||||||
|
*.tmp*
|
||||||
|
*.bak*
|
||||||
|
*.~*
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
# Notes, Scratch, Prose
|
||||||
|
- while method doesnt re-activate eternalblue risks, it _does_ demonsterably re-enable smb1 as is demonstrated by [nmap scan](assets/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt).
|
||||||
|
- next trick will be to dig deep and find out what else this method can enable
|
||||||
|
- maybe even leverage into exploitability :3
|
||||||
|
|
||||||
|

|
||||||
@@ -1,3 +1,11 @@
|
|||||||
|
# Welcome to the Sillyzone
|
||||||
|
## This branch is not intended for human consumption
|
||||||
|
## Only furries, freaks, transexuals, gays, horsefuckers, and other high-level malcontents are suited for this level of unhinged feral gremlin hacker shit
|
||||||
|
|
||||||
|
fuckit... lets ride this one and see where it takes us?
|
||||||
|
|
||||||
|
```
|
||||||
Um, ok microsoft...
|
Um, ok microsoft...
|
||||||
have fun patching this,
|
have fun patching this,
|
||||||
you patched EternalBlue before!
|
you patched EternalBlue before!
|
||||||
|
```
|
||||||
Binary file not shown.
|
After Width: | Height: | Size: 279 KiB |
@@ -0,0 +1,67 @@
|
|||||||
|
nmap -sV -p139,445 --script smb-protocols,vuln,vulners 10.0.0.62
|
||||||
|
|
||||||
|
Starting Nmap 7.99 ( https://nmap.org ) at 2026-06-27 18:41 -0600
|
||||||
|
Stats: 0:01:19 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
|
||||||
|
NSE Timing: About 99.63% done; ETC: 18:42 (0:00:00 remaining)
|
||||||
|
Nmap scan report for 10.0.0.62
|
||||||
|
Host is up (0.00064s latency).
|
||||||
|
|
||||||
|
PORT STATE SERVICE VERSION
|
||||||
|
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||||
|
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
|
||||||
|
445/tcp open microsoft-ds Windows 10 Pro 26200 microsoft-ds (workgroup: WORKGROUP)
|
||||||
|
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
|
||||||
|
Service Info: Host: PRINCESSPI-DESK; OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||||
|
|
||||||
|
Host script results:
|
||||||
|
| smb-protocols:
|
||||||
|
| dialects:
|
||||||
|
| NT LM 0.12 (SMBv1) [dangerous, but default]
|
||||||
|
| 2.0.2
|
||||||
|
| 2.1
|
||||||
|
| 3.0
|
||||||
|
| 3.0.2
|
||||||
|
|_ 3.1.1
|
||||||
|
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
|
||||||
|
| smb-brute:
|
||||||
|
| administrator:<blank> => Valid credentials, account disabled
|
||||||
|
|_ guest:<blank> => Valid credentials, account disabled
|
||||||
|
|_smb-print-text: false
|
||||||
|
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|
||||||
|
|_smb-vuln-ms10-054: false
|
||||||
|
| smb-security-mode:
|
||||||
|
| account_used: <blank>
|
||||||
|
| authentication_level: user
|
||||||
|
| challenge_response: supported
|
||||||
|
|_ message_signing: required
|
||||||
|
| smb-enum-shares:
|
||||||
|
| note: ERROR: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED)
|
||||||
|
| account_used: <blank>
|
||||||
|
| \\10.0.0.62\ADMIN$:
|
||||||
|
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||||
|
| Anonymous access: <none>
|
||||||
|
| \\10.0.0.62\C$:
|
||||||
|
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||||
|
| Anonymous access: <none>
|
||||||
|
| \\10.0.0.62\D$:
|
||||||
|
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||||
|
| Anonymous access: <none>
|
||||||
|
| \\10.0.0.62\E$:
|
||||||
|
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||||
|
| Anonymous access: <none>
|
||||||
|
| \\10.0.0.62\IPC$:
|
||||||
|
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||||
|
|_ Anonymous access: READ
|
||||||
|
|_smb-flood: ERROR: Script execution failed (use -d to debug)
|
||||||
|
| smb-os-discovery:
|
||||||
|
| OS: Windows 10 Pro 26200 (Windows 10 Pro 6.3)
|
||||||
|
| OS CPE: cpe:/o:microsoft:windows_10::-
|
||||||
|
| Computer name: PrincessPi-Desk
|
||||||
|
| NetBIOS computer name: PRINCESSPI-DESK\x00
|
||||||
|
| Workgroup: WORKGROUP\x00
|
||||||
|
|_ System time: 2026-06-27T18:42:59-06:00
|
||||||
|
| smb-mbenum:
|
||||||
|
|_ ERROR: Call to Browser Service failed with status = 2184
|
||||||
|
|
||||||
|
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
|
||||||
|
Nmap done: 1 IP address (1 host up) scanned in 96.15 seconds
|
||||||
@@ -0,0 +1,9 @@
|
|||||||
|
# NJL'S SMB1-Fucker
|
||||||
|
1. gcc for win downloaded from here https://sourceforge.net/projects/gcc-win64/
|
||||||
|
2. extracted to downdoots via 7zip
|
||||||
|
3. ran test-mingw64.bat
|
||||||
|
1. built a bunch of exes ig
|
||||||
|
4. copied weapon.c to gcc bs dir
|
||||||
|
5. `bin/gcc.exe weapon.c` compiles to `a.exe` which is da active exploit
|
||||||
|
6. running `a.exe` quickly spams some shit and reboots box, preboot text indicating installation of a new feature
|
||||||
|
7. did it not ask for uac? am i crazy? todo: test
|
||||||
Reference in New Issue
Block a user