tags: Vulnerability system security windows
This article is reproduced in the loopholes that appeared in 2008. It is only used as a reference for learning. Do not use it illegally!
The MS08-067 vulnerability is triggered by calling the NetpathCanonicalize function in the server service program through the MSRPC Over SMB channel, and the NetPathCanonicalize function will call the NetpwpathCanOnicalize function when remotely accessing other hosts to remote access to remote access. The path is standardized, and in the NetpwpathCanonicalize function The stack buffer memory error occurs, resulting in the implementation of remote code execution.
The Windows Server service has a buffer overflow vulnerability when processing special RPC requests. Remote attackers can trigger this overflow by sending malicious RPC requests, resulting in a complete invasion of the user system. System permissions execute arbitrary instructions. forWindows 2000、XP and Server 2003You can use this vulnerability without authentication. ForWindows Vista and Server 2008, May need to be certified
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Vista and Windows Vista Service Pack 1
Windows Vista X64 Edition and Windows Vista X64 Edition Service Pack 1
Windows Server 2008 (for 32 -bit system)
Windows Server 2008 (for system based on X64)
Windows Server 2008 (for iTanium -based system)
Windows 7 beta (for 32 -bit system)
Windows 7 Beta x64 Edition
Windows 7 beta (for iTanium -based system)
The server is executed by the remote command and obtains the permissions of the host system. It is mainly used for the 445 port of SMB service
Use the following command to scan
Nmap -P0 -T4 -p 445 –script=smb-vuln-ms08-067.nse 192.168.52.145
Module address->/usr/share/nmap/script/

Discover through scanningMS08-067 Vulnerability, then use it.
use search MS08-067 // Search MS08-067 module

Search the module for use

Execute attack

The attack is successful! Get the highest permissions.
Replenish:set target There may be problems with the default configuration. It is recommended to manually choose according to its own system.
First enter the following directory
/usr/share/metasploit-framework/modules/exploits/windows/smb
Open ms08_067_netapi.rb file, add the following content


Save-> Exit (wq!) Using it!
Refer to the following articles
Sphere of influence: Windows 2000 Windows XP Windows Server 2003 Reproduce the environment win xp :192.168.31.49 kali :192.168.31.117 recurrent: Does nmap scan vulnerability exist: Open metasploite, f...
MS08-067 vulnerability reproduction experiment Realize environment preparation: Attack machine: kali (IP: 192.168.153.129) Target drone: Windows XP (IP: 192.168.153.128) Attack tools: metasploit-frame...
Metasploit ms08_067 vulnerability attack practice Environmental preparation Two virtual machines, one is kali, as an attacker, and the other is windows xp sp3 Host IP kali 192.168.78.145 windows xp sp...
A vulnerability recovery experiment made by a network space security professional student, if there is a mistake or improvement, please advise. MS08-067 Vulnerability Analysis and Reclaim content MS08...
The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: various versions of Windows 2000/XP/Server 2003/Vista/Server 2008, and even Windows 7 Pro-Beta in...
Nexus Repository Manager 3 remote command execution vulnerability (CVE-2020-10199) In its 3.21.1 and earlier versions, there is an arbitrary EL expression injection vulnerability. Reproduce the enviro...
CVE-2017-8464 Remote Command Execution Vulnerability Vulnerability description On June 13, 2017, Microsoft officially released a vulnerability notice number CVE-2017-8464, and the official introduces ...
Process: turn:...
Vulnerability introduction Webmin is a management configuration tool used to manage Unix-like systems, with a Web page. In its password recovery page, there is a command injection vulnerability that d...
Jenkins remote command execution vulnerability (CVE-2018-1000861) by ADummy 0x00 utilization route Deversion to generate a Ser file-> existing POC direct delivery 0x01 vulnerability introduction ...