Thread: MS08-67 and windows R2

  1. #1
    Just burned his ISO (Join Date: Jan 2006, Posts: 11)

    MS08-67 and windows R2

    Hello folks!

    I have a question regarding the ms08-067 exploit: was anyone able to exploit an R2 machine? I tested on XP SP2 and SP3 and it works just fine, but I got a problem when I do it to a Windows 2003 R2 machine. I guess the fingerprint is different. What I don't have is a Windows 2003 server, so I wasn't able to test the exploit on those types of servers. Anyone got it working on R2 servers??

    Thanks!!!

    <Server>

  2. #2
    Developer (Join Date: Mar 2007, Posts: 6,126)

    Well, it would help to know what exploit you're using so we could have a look at the code, or maybe someone would be willing to try it out for you on a machine in their lab.

    EDIT: So I was told by hdm (creator of Metasploit) that the NX addresses are different in RC2

  3. #3
    Just burned his ISO (Join Date: Jan 2006, Posts: 11)

    I am using the ms08-067 exploit from Metasploit.

    What is the NX address?

  4. #4
    Developer (Join Date: Mar 2007, Posts: 6,126)

    Has to do with the memory address

  5. #5
    Member (Join Date: Jan 2010, Location: The new forums, Posts: 462)

    You could try copying and pasting one of the targets and just changing the return address and the DisableNX address.

    This is located inside the code:

    $ msfpescan -j esi acgenral.dll

    Pick whatever address you like, just make sure it does not contain 00 0a 0d 5c 2f or 2e.

    Next, find the location of the function we use to disable NX. Use the following command:

    $ msfpescan -r "\x6A\x04\x8D\x45\x08\x50\x6A\x22\x6A\xFF" acgenral.dll

  6. #6
    Just burned his ISO (Join Date: Jan 2006, Posts: 11)

    Thanks for the info!! I will try to do that.

    I am kind of new to writing/modifying exploits, so sorry for these questions:

    acgenral.dll is only an example, right? Because the affected DLL is the netapi, or am I wrong?

    What does this mean?
    \x6A\x04\x8D\x45\x08\x50\x6A\x22\x6A\xFF

    I am not expecting a full class, but if you or anyone can give me a direction on the language, I can get a book and learn it by myself, but I don't know what kind of language that is.

    Thanks!!

  7. #7
    Member (Join Date: Aug 2007, Posts: 468)

    Looks like there is a worm doing the rounds already:
