I'm currently playing around with a windows 2003 SP1 box. No further patches beyond SP1. No firewall.
Using backtrack4 fully updated.
It's weird, nessus says there are 5 High Risk vulnerabilities (ms08-067, ms09-001, ms05-027, ms06-040, and ms06-035),
but it seems like none of the exploits work. Using either metasploit manually or with fasttrack.
I'm wondering if anyone else has the same experience.
Is Windows 2003 SP1 without any patches that safe?
-Zombie
The ms08-067 exploit works fine, as well as most browser/client-sides. You will need to pick the target manually though (show targets, set TARGET X).
If you're looking to run exploits with metasploit, then I'd say scanning your box with NeXpose is a much more sensible choice, given the direct metasploit integration. Try it and see what you come up with.
Just making sure, you ARE using Framework3 right? And updated recently?
Also (though I've only used Windows 2003 once), does it have DEP/ASLR? As far as I know metasploit doesn't usually have DEP/ASLR integrated into the exploits, so one of the two could be blocking it. Also, does Metasploit say the exploit failed, or will it not even send the exploit?
Thanks for helping. Yeah I have DEP off on the OS. I'm doing all of this inside vmware workstation. I checked the bios on the vm target and there are no security options in the bios that I can see.
I did exploit 08-067 using the exploitdb, but metasploit dies and says it can't determine the language.
This is its output:
[*] Started reverse handler on 192.168.126.129:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2003 Service Pack 1 - lang:Unknown
[*] Could not determine the exact language pack
[*] Exploit completed, but no session was created.
As mentioned before, set the language manually if it can't be detected automatically.
show targets
set target x
Hey man, sometimes you have to play with the module options. For example, changing the SMBPIPE to SRVSVC with windows/ms08_067/netapi, I got a session. When it was set to BROWSER I got nothing. And if I recall correctly it gave me a language message as well when it was set to BROWSER. I am not trying to spoonfeed anyone, just promote tweaking and exploring the options.