MS08-067 (CVE-2008-4250) Remote command execution vulnerability

tags: Vulnerability  system security  windows


Foreword

This article is reproduced in the loopholes that appeared in 2008. It is only used as a reference for learning. Do not use it illegally!


Introduction

The MS08-067 vulnerability is triggered by calling the NetpathCanonicalize function in the server service program through the MSRPC Over SMB channel, and the NetPathCanonicalize function will call the NetpwpathCanOnicalize function when remotely accessing other hosts to remote access to remote access. The path is standardized, and in the NetpwpathCanonicalize function The stack buffer memory error occurs, resulting in the implementation of remote code execution.

The Windows Server service has a buffer overflow vulnerability when processing special RPC requests. Remote attackers can trigger this overflow by sending malicious RPC requests, resulting in a complete invasion of the user system. System permissions execute arbitrary instructions. forWindows 2000XP and Server 2003You can use this vulnerability without authentication. ForWindows Vista and Server 2008, May need to be certified

Second, influence

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Vista and Windows Vista Service Pack 1
 Windows Vista X64 Edition and Windows Vista X64 Edition Service Pack 1
 Windows Server 2008 (for 32 -bit system)
 Windows Server 2008 (for system based on X64)
 Windows Server 2008 (for iTanium -based system)
 Windows 7 beta (for 32 -bit system)
Windows 7 Beta x64 Edition
 Windows 7 beta (for iTanium -based system)

Third, vulnerability harm

The server is executed by the remote command and obtains the permissions of the host system. It is mainly used for the 445 port of SMB service

Fourth, local reproduction

  • lab environment:KaLi Linux IP:192.168.52.129
  • Attack machine:Windows XP SP3 IP:192.168.52.145

Use the following command to scan

Nmap -P0 -T4 -p 445 –script=smb-vuln-ms08-067.nse 192.168.52.145

Module address->/usr/share/nmap/script/

Discover through scanningMS08-067 Vulnerability, then use it.

use search MS08-067 // Search MS08-067 module

Search the module for use

Execute attack

The attack is successful! Get the highest permissions.

Replenish:set target There may be problems with the default configuration. It is recommended to manually choose according to its own system.

Five, patch number

  • KB958644

6. Windows Server 2003 SP2 Chinese version Utilization method

First enter the following directory

/usr/share/metasploit-framework/modules/exploits/windows/smb

Open ms08_067_netapi.rb file, add the following content


Save-> Exit (wq!) Using it!

7. Deep analysis of the principle of vulnerability

Refer to the following articles

  • https://www.freebuf.com/vuls/203881.html

Intelligent Recommendation

Win MS08-067 vulnerability reproduction

Sphere of influence: Windows 2000 Windows XP Windows Server 2003 Reproduce the environment win xp :192.168.31.49 kali :192.168.31.117 recurrent: Does nmap scan vulnerability exist: Open metasploite, f...

MS08-067 vulnerability reproduction experiment

MS08-067 vulnerability reproduction experiment Realize environment preparation: Attack machine: kali (IP: 192.168.153.129) Target drone: Windows XP (IP: 192.168.153.128) Attack tools: metasploit-frame...

MS08-067 vulnerability attack practice

Metasploit ms08_067 vulnerability attack practice Environmental preparation Two virtual machines, one is kali, as an attacker, and the other is windows xp sp3 Host IP kali 192.168.78.145 windows xp sp...

MS08-067 Vulnerability Analysis and Reclaim

A vulnerability recovery experiment made by a network space security professional student, if there is a mistake or improvement, please advise. MS08-067 Vulnerability Analysis and Reclaim content MS08...

Introduction and Exploitation of MS08-067 Vulnerability

The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: various versions of Windows 2000/XP/Server 2003/Vista/Server 2008, and even Windows 7 Pro-Beta in...

More Recommendation

CVE-2020-10199 remote command execution vulnerability

Nexus Repository Manager 3 remote command execution vulnerability (CVE-2020-10199) In its 3.21.1 and earlier versions, there is an arbitrary EL expression injection vulnerability. Reproduce the enviro...

CVE-2017-8464 Remote Command Execution Vulnerability

CVE-2017-8464 Remote Command Execution Vulnerability Vulnerability description On June 13, 2017, Microsoft officially released a vulnerability notice number CVE-2017-8464, and the official introduces ...

Webmin remote command execution vulnerability (CVE-2019-15107) vulnerability recurrence

Vulnerability introduction Webmin is a management configuration tool used to manage Unix-like systems, with a Web page. In its password recovery page, there is a command injection vulnerability that d...

Jenkins remote command execution vulnerability CVE-2018-1000861 vulnerability replay

Jenkins remote command execution vulnerability (CVE-2018-1000861) by ADummy 0x00 utilization route Deversion to generate a Ser file-> existing POC direct delivery 0x01 vulnerability introduction ​ ...

Copyright  DMCA © 2018-2026 - All Rights Reserved - www.programmersought.com  User Notice

Top