Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f200fe9b3f | |||
| 259c54acac | |||
| 7012369228 |
@@ -0,0 +1,4 @@
|
||||
build
|
||||
*.tmp*
|
||||
*.bak*
|
||||
*.~*
|
||||
@@ -0,0 +1,6 @@
|
||||
# Notes, Scratch, Prose
|
||||
- while method doesnt re-activate eternalblue risks, it _does_ demonsterably re-enable smb1 as is demonstrated by [nmap scan](assets/nmap-vuln-scan-indicating-eternalbliue-not-exploitable.txt).
|
||||
- next trick will be to dig deep and find out what else this method can enable
|
||||
- maybe even leverage into exploitability :3
|
||||
|
||||

|
||||
@@ -1,3 +1,11 @@
|
||||
# Welcome to the Sillyzone
|
||||
## This branch is not intended for human consumption
|
||||
## Only furries, freaks, transexuals, gays, horsefuckers, and other high-level malcontents are suited for this level of unhinged feral gremlin hacker shit
|
||||
|
||||
fuckit... lets ride this one and see where it takes us?
|
||||
|
||||
```
|
||||
Um, ok microsoft...
|
||||
have fun patching this,
|
||||
you patched EternalBlue before!
|
||||
```
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 279 KiB |
@@ -0,0 +1,67 @@
|
||||
nmap -sV -p139,445 --script smb-protocols,vuln,vulners 10.0.0.62
|
||||
|
||||
Starting Nmap 7.99 ( https://nmap.org ) at 2026-06-27 18:41 -0600
|
||||
Stats: 0:01:19 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
|
||||
NSE Timing: About 99.63% done; ETC: 18:42 (0:00:00 remaining)
|
||||
Nmap scan report for 10.0.0.62
|
||||
Host is up (0.00064s latency).
|
||||
|
||||
PORT STATE SERVICE VERSION
|
||||
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
|
||||
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
|
||||
445/tcp open microsoft-ds Windows 10 Pro 26200 microsoft-ds (workgroup: WORKGROUP)
|
||||
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)
|
||||
Service Info: Host: PRINCESSPI-DESK; OS: Windows; CPE: cpe:/o:microsoft:windows
|
||||
|
||||
Host script results:
|
||||
| smb-protocols:
|
||||
| dialects:
|
||||
| NT LM 0.12 (SMBv1) [dangerous, but default]
|
||||
| 2.0.2
|
||||
| 2.1
|
||||
| 3.0
|
||||
| 3.0.2
|
||||
|_ 3.1.1
|
||||
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
|
||||
| smb-brute:
|
||||
| administrator:<blank> => Valid credentials, account disabled
|
||||
|_ guest:<blank> => Valid credentials, account disabled
|
||||
|_smb-print-text: false
|
||||
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|
||||
|_smb-vuln-ms10-054: false
|
||||
| smb-security-mode:
|
||||
| account_used: <blank>
|
||||
| authentication_level: user
|
||||
| challenge_response: supported
|
||||
|_ message_signing: required
|
||||
| smb-enum-shares:
|
||||
| note: ERROR: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED)
|
||||
| account_used: <blank>
|
||||
| \\10.0.0.62\ADMIN$:
|
||||
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||
| Anonymous access: <none>
|
||||
| \\10.0.0.62\C$:
|
||||
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||
| Anonymous access: <none>
|
||||
| \\10.0.0.62\D$:
|
||||
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||
| Anonymous access: <none>
|
||||
| \\10.0.0.62\E$:
|
||||
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||
| Anonymous access: <none>
|
||||
| \\10.0.0.62\IPC$:
|
||||
| warning: Couldn't get details for share: NT_STATUS_ACCESS_DENIED
|
||||
|_ Anonymous access: READ
|
||||
|_smb-flood: ERROR: Script execution failed (use -d to debug)
|
||||
| smb-os-discovery:
|
||||
| OS: Windows 10 Pro 26200 (Windows 10 Pro 6.3)
|
||||
| OS CPE: cpe:/o:microsoft:windows_10::-
|
||||
| Computer name: PrincessPi-Desk
|
||||
| NetBIOS computer name: PRINCESSPI-DESK\x00
|
||||
| Workgroup: WORKGROUP\x00
|
||||
|_ System time: 2026-06-27T18:42:59-06:00
|
||||
| smb-mbenum:
|
||||
|_ ERROR: Call to Browser Service failed with status = 2184
|
||||
|
||||
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
|
||||
Nmap done: 1 IP address (1 host up) scanned in 96.15 seconds
|
||||
@@ -0,0 +1,9 @@
|
||||
# NJL'S SMB1-Fucker
|
||||
1. gcc for win downloaded from here https://sourceforge.net/projects/gcc-win64/
|
||||
2. extracted to downdoots via 7zip
|
||||
3. ran test-mingw64.bat
|
||||
1. built a bunch of exes ig
|
||||
4. copied weapon.c to gcc bs dir
|
||||
5. `bin/gcc.exe weapon.c` compiles to `a.exe` which is da active exploit
|
||||
6. running `a.exe` quickly spams some shit and reboots box, preboot text indicating installation of a new feature
|
||||
7. did it not ask for uac? am i crazy? todo: test
|
||||
Reference in New Issue
Block a user