MS08-067 and Windows R2
I have a question regarding the ms08-067 exploit: has anyone been able to exploit an R2 machine? I tested on XP SP2 and SP3 and it works just fine, but I have a problem when I run it against a Windows 2003 R2 machine. I guess the fingerprint is different. What I don't have is a Windows 2003 server, so I wasn't able to test the exploit on that type of server. Has anyone got it working on R2 servers?
Well, it would help to know what exploit you're using so we could have a look at the code, or maybe someone would be willing to try it out for you on a machine in their lab.
EDIT: So I was told by hdm (creator of Metasploit) that the NX addresses are different in RC2.
I am using the ms08-067 exploit from Metasploit.
What is the NX address?
It has to do with the memory address.
You could try copying and pasting one of the targets and then just changing the return address and the DisableNX address.
This is located inside the code:
$ msfpescan -j esi acgenral.dll
Pick whatever address you like, just make sure it does not contain 00 0a 0d 5c 2f or 2e.
Next, find the location of the function we use to disable NX. Use the following command:
$ msfpescan -r "\x6A\x04\x8D\x45\x08\x50\x6A\x22\x6A\xFF" acgenral.dll
Thanks for the info! I will try to do that.
I am kind of new to writing/modifying exploits, so sorry for these questions:
acgenral.dll is only an example, right? Because the affected DLL is netapi, or am I wrong?
What does this mean?
I am not expecting a full class, but if you or anyone can point me in the direction of the language, I can get a book and learn it by myself; I just don't know what kind of language that is.
Looks like there is a worm doing the rounds already:
I was able to exploit an unpatched Server 2003 R2 SP2 server in a virtual machine using the ms08_67_netapi exploit in Metasploit. I used the NO NX option in the GUI. I had some trouble doing it in msfconsole, which I prefer to use.