Metasploit mailing list archives
Unreliable exploitation with ms08_067_netapi ?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 3 Jun 2010 13:48:05 +0000
Hi, I use nmap to detect Windows machines vulnerable to ms08_067, and it works very well. I also use nmap -sV -sC -p 443 target to get a precise identification of the system, and it's very helpful, telling me the Windows version and even the service pack. This is essential for setting the target in Metasploit. Independent of this, to set a correct target I need to know the OS language and whether NX is in use or not. Metasploit has a script to detect the OS language on port 445, but my experience with it is very bad: sometimes it works, but most of the time it just returns unknown. Is there no way to improve it? Also, is there a way to detect whether NX is in use remotely? I'm asking because most of the time the auto-target fails like this:

msf exploit(ms08_067_netapi) > exploit
[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2003 Service Pack 2 - lang:Unknown
[-] Could not determine the exact language pack
[*] Auto-targeting failed, use 'show targets' to manually select one
[*] Exploit completed, but no session was created.

After that, I have no more shots; I only get:

[*] Started bind handler
[-] Exploit failed: The server responded with error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)
[*] Exploit completed, but no session was created.

I'm using the SVN version. I'm kind of disappointed: I tested on 8 machines and all failed like that. Reading on Google, people say it may be because AV blocked Meterpreter, etc. Is that real? Would changing to a common bind_tcp payload be a more reliable option? I personally believe it's a problem with offsets related to the language or NX / no NX. I tested 2 machines with target 9 (Win2003 SP2 English NX) and another two with target 8 (Win2003 SP2 English NO NX), and all failed. I live in a country where the native language is English, so I believe it should be correct... Maybe more offsets are missing for Windows 2003 + SP2? Maybe not English? What does your experience tell you? What do you do in a case like that? Thanks.
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Unreliable exploitation with ms08_067_netapi ? Richard Miles (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? HD Moore (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? Richard Miles (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? HD Moore (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? Richard Miles (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? Richard Miles (Jun 03)
- Re: Unreliable exploitation with ms08_067_netapi ? HD Moore (Jun 03)