Thread: Playing with ms08_067

  1. #11
    Member
    Join Date
    Jun 2008
    Posts
    50

    I assume this will not work on a firewalled PC? Will test later when I get a chance.

  2. #12
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Originally posted by letmein:
    > I assume this will not work on a firewalled PC? Will test later when I get a chance.

    Yes, it will. I did it on a fresh install of Server 2003 with the default firewall settings. If the server is behind NAT you would have to change the payload to something that would connect back to you using a Metasploit client or something along the lines of netcat. I guess I could expand the tutorial to include that if anyone's interested.

  3. #13
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    "Default firewall settings" means port 445 open????
    Weird
    Don't eat yellow snow :rolleyes:

  4. #14
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Originally posted by hawaii67:
    > "Default firewall settings" means port 445 open????
    > Weird

    Well, I'm no server expert, but I assumed the firewall was on by default like in most Windows products. Maybe it wasn't. I guess I could check.

  5. #15
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Nice tutorial. Tried it on Windows XP SP3 and it worked as soon as file and printer sharing was enabled in the firewall.

    The windows/smb/ms08_067_netapi exploit can naturally also be used from within Metasploit, which will allow you to easily change the payload, for example to meterpreter.
    -Monkeys are like nature's humans.

  6. #16
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Got everyone's permission last lunch break at school, and amazingly (at a computer school), 3 out of the 15 XP users were vulnerable (SP3). I created a text file on everyone's desktop linking to the patch :b.
    I would recommend the Metasploit module as Tron says too. Combine it with the scanner/smb/version module and you're prepared (:
    - Poul Wittig

  7. #17
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    > I would recommend the Metasploit module as Tron says too. Combine it with the scanner/smb/version module and you're prepared (:

    I was only posting an alternate way to do it.

  8. #18
    Member imported_Deathray's Avatar
    Join Date
    Oct 2007
    Posts
    381

    Originally posted by pureh@te:
    > I was only posting an alternate way to do it.

    I didn't mean it like that, pureh@te. I myself found your tutorial very useful as I never knew about the Nmap scripting engine, and it seems pretty cool (: . What I meant was the actual exploiting process might be more practical through Metasploit as you have more options such as IDS evasion and payload selection.
    Oh yeah, and people, do take care when using smb-check-vulns.nse. "Out of 82 vulnerable systems scanned, 52 crashed." :P
    - Poul Wittig

  9. #19
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    > Out of 82 vulnerable systems scanned, 52 crashed.

    You have to break a few eggs to make an omelet.

  10. #20
    Member
    Join Date
    Jun 2008
    Posts
    101

    First of all, let me state this is an excellent thread. Haven't had one of these in months. Thanks pureh@te!

    Originally posted by =Tron=:
    > Tried it on Windows XP SP3 and it worked as soon as file and printer sharing was enabled in the firewall.

    Tried this on my SP3 XP box and it crashes with the firewall on! Now if I turn it off it will go through. Note that "file and printer sharing" is on by default. I used the Metasploit Framework with the windows/smb/ms08_067_netapi exploit and meterpreter as the payload.
    QuadCore AMD Phenom X4 9950, 2600 MHz
    8GB DDR2 800MHz
    Dual Boot System: Windows Server 2008 x64 w/ Hyper-V, Ubuntu 9.10 x64
