Hi there,

I am learning about penetration testing, i have set up a Windows Server 2003 R2 Enterprise virtual machine.

It is relatively unpatched (vulnerable to ms08-067), no antivirus, windows firewall, After a Nessus scan a few of these vulnerabilities were shown.

When i use fast-track.py to exploit this vulnerability (ms08-067) i immediately get a shell running as system. However, i would like to use meterpreter for all of its features than a simple netcat of cmd.exe and fasttrack provides no way to change the payload.

So i try to exploit the machine using Metasploit, using the appropriate settings, Using exploit: ms08_067_netapi, windows/meterpreter/bind_tcp OR reverse_tcp OR a simple bind shell (to test) however i get the following error:

Code:
Exploit target:

   Id  Name
   --  ----
   9   Windows 2003 SP2 English (NX)


msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0[*] Started reverse handler
[-] Exploit failed: The server responded with error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)[*] Exploit completed, but no session was created.
OR when trying to use SRVSVC:



Code:
Exploit target:

   Id  Name
   --  ----
   9   Windows 2003 SP2 English (NX)


msf exploit(ms08_067_netapi) > exploit
[*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler
[-] Exploit failed: The server responded with error: STATUS_ACCESS_DENIED (Command=162 WordCount=0)[*] Exploit completed, but no session was created.

When setting the target manually the exploit also fails as it cannot determine the language pack!

Please could somebody shed some light on this issue? is the metasploit exploit working correctly on R2? (Latest SVN)

Thanks,

Joe