ms17_010_eternalblue fails against some DCs

[bwatters-r7]

There's an interesting issue with ms17_010_eternalblue where once domain credentials are supplied, it fails on a Win2008x64R2 server when that server is promoted to a DC

Steps to reproduce

Take a Win2K8x64R2 (unpatched) server and a Win7x64SP1 unpatched workstation.

Verify eternalblue works against both.

Promote the Win2K8x64R2 machine to be a DC and add the Win7x64 as a member of the domain.

The exploit stops working on the 2K8x64 server.

Now, for the down and dirty: What happens is that the authentication appears to succeed, but then, there's an ACCESS_DENIED smb error during the trans2 attempt in the smb traffic. This is odd, as I was using a Domain Admin account.

If you want to see more, check out #10560 where I put up some screenshots of wireshark and snippets from the console.

Expected behavior

shells everywhere!

Current behavior

Shells only on the Windows 7x64 workstation, failures on the server

Running metasploit v5.0.0-dev-2fbbf88 via git

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.