Compare commits

3 Commits

Author SHA1 Message Date
PrincessPi3 f200fe9b3f HEY IM GIVING THE NORMIES FAIR FUCKING WARNING 2026-06-27 19:32:01 -06:00
PrincessPi3 259c54acac gay horse gay horse gay horse gay horse 2026-06-27 19:15:00 -06:00
PrincessPi3 7012369228 ahh fuck that gay horse is here to ruin my day again :3 2026-06-27 19:05:10 -06:00
6 changed files with 95 additions and 1 deletions
+4
View File
@@ -0,0 +1,4 @@
build
*.tmp*
*.bak*
*.~*
+6
View File
@@ -0,0 +1,6 @@
# Notes, Scratch, Prose
- while method doesnt re-activate eternalblue risks, it _does_ demonsterably re-enable smb1 as is demonstrated by [nmap scan](assets/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt).
- next trick will be to dig deep and find out what else this method can enable
- maybe even leverage into exploitability :3
![holyshit-it-enables-smb1](assets/jesusfuckdude.png)
+8
View File
@@ -1,3 +1,11 @@
# Welcome to the Sillyzone
## This branch is not intended for human consumption
## Only furries, freaks, transexuals, gays, horsefuckers, and other high-level malcontents are suited for this level of unhinged feral gremlin hacker shit
fuckit... lets ride this one and see where it takes us?
```
Um, ok microsoft...
have fun patching this,
you patched EternalBlue before!
```
Binary file not shown.

After

Width:  |  Height:  |  Size: 279 KiB

@@ -0,0 +1,67 @@
nmap -sV -p139,445 --script smb-protocols,vuln,vulners 10.0.0.62
Starting Nmap 7.99 ( https://nmap.org ) at 2026-06-27 18:41 -0600
Stats: 0:01:19 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 99.63% done; ETC: 18:42 (0:00:00 remaining)
Nmap scan report for 10.0.0.62
Host is up (0.00064s latency).
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
445/tcp open microsoft-ds Windows 10 Pro 26200 microsoft-ds (workgroup: WORKGROUP)
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
Service Info: Host: PRINCESSPI-DESK; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb-protocols:
| dialects:
| NT LM 0.12 (SMBv1) [dangerous, but default]
| 2.0.2
| 2.1
| 3.0
| 3.0.2
|_ 3.1.1
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
| smb-brute:
| administrator:<blank> => Valid credentials, account disabled
|_ guest:<blank> => Valid credentials, account disabled
|_smb-print-text: false
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|_smb-vuln-ms10-054: false
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: required
| smb-enum-shares:
| note: ERROR: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED)
| account_used: <blank>
| \\10.0.0.62\ADMIN$:
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
| Anonymous access: <none>
| \\10.0.0.62\C$:
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
| Anonymous access: <none>
| \\10.0.0.62\D$:
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
| Anonymous access: <none>
| \\10.0.0.62\E$:
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
| Anonymous access: <none>
| \\10.0.0.62\IPC$:
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|_ Anonymous access: READ
|_smb-flood: ERROR: Script execution failed (use -d to debug)
| smb-os-discovery:
| OS: Windows 10 Pro 26200 (Windows 10 Pro 6.3)
| OS CPE: cpe:/o:microsoft:windows_10::-
| Computer name: PrincessPi-Desk
| NetBIOS computer name: PRINCESSPI-DESK\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2026-06-27T18:42:59-06:00
| smb-mbenum:
|_ ERROR: Call to Browser Service failed with status = 2184
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 96.15 seconds
+9
View File
@@ -0,0 +1,9 @@
# NJL'S SMB1-Fucker
1. gcc for win downloaded from here https://sourceforge.net/projects/gcc-win64/
2. extracted to downdoots via 7zip
3. ran test-mingw64.bat
1. built a bunch of exes ig
4. copied weapon.c to gcc bs dir
5. `bin/gcc.exe weapon.c` compiles to `a.exe` which is da active exploit
6. running `a.exe` quickly spams some shit and reboots box, preboot text indicating installation of a new feature
7. did it not ask for uac? am i crazy? todo: test