Legacy - ms08_067 exploit - produces error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)

HTB Content Machines
1

Here are the options I am using in metasploit for the ms08_067 exploit:

msf6 exploit(windows/smb/ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

Name Current Setting Required Description

RHOSTS 10.129.38.127 yes The target host(s), range CIDR identifier, or hosts file with syntax ‘file:

RPORT 445 yes The SMB service port (TCP)
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

EXITFUNC thread yes Exit technique (Accepted: ‘’, seh, thread, process, none)
LHOST REDACTED yes The listen address (an interface may be specified)
LPORT 8923 yes The listen port

Exploit target:

Id Name

6 Windows XP SP3 English (AlwaysOn NX)

I have tried the python exploit found on github with the same results as shown below:

kali@kali:~/hackthebox/Legacy/ms08_067$ python ms08_067_2018.py 10.129.38.127 7 445
#######################################################################

MS08-067 Exploit

This is a modified verion of Debasis Mohanty’s code (Microsoft Windows Server 2000/2003 - Code Execution (MS08-067) - Windows remote Exploit).

The return addresses and the ROP parts are ported from metasploit module exploit/windows/smb/ms08_067_netapi

Mod in 2018 by Andy Acer:

- Added support for selecting a target port at the command line.

It seemed that only 445 was previously supported.

- Changed library calls to correctly establish a NetBIOS session for SMB transport

- Changed shellcode handling to allow for variable length shellcode. Just cut and paste

into this source file.

#######################################################################

Windows XP SP3 English (AlwaysOn NX)

[-]Initiating connection
Exception in thread Thread-1:
Traceback (most recent call last):
File “/usr/lib/python2.7/threading.py”, line 801, in __bootstrap_inner
self.run()
File “ms08_067_2018.py”, line 206, in run
self.__DCEPacket()
File “ms08_067_2018.py”, line 181, in __DCEPacket
self.__trans.connect()
File “/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/transport.py”, line 394, in connect
self.__handle = self.__smb_connection.openFile(self.__tid, self.__filename)
File “/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py”, line 516, in openFile
raise SessionError(e.get_error_code(), e.get_error_packet())
SessionError: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)

I have downgraded metasploit to version 5 with the same results.

I have tried numerous payloads and targets.

I have reset the box several times.

I have checked my VMware Kali box configuration and created a new Kali box.

Any help would be greatly appreciated!

2

I just did it and it worked as expected.

RHOSTS 10.129.38.127
Where does this IP come from ? I have 10.10.10.4 for Legacy.

3

It’s the IP for a VIP+ server instance of the box.

4

I was finally able to get this to work. I made a new box for my attacking machine. The only difference is that I used Parrot OS instead of Kali. I used Parrot OS all through my Associates Degree program for Penetration Testing. I guess I should have never veered from it.

5

The error “STATUS_OBJECT_NAME_NOT_FOUND” typically indicates that the target system is not vulnerable to the ms08_067 exploit. This exploit targets a vulnerability in the Windows Server service that allows an attacker to execute code remotely on a vulnerable system.

However, it’s possible that the target system has been patched or that the exploit code is not compatible with the specific system configuration you are targeting. The error message you provided suggests that the exploit code was not able to find the object it was looking for, which could indicate a problem with the way the exploit was configured or executed.

If you’re trying to exploit a vulnerable system, you may want to try a different exploit or check to make sure that the target system is actually vulnerable to the ms08_067 exploit. If you’re trying to test your own system for vulnerabilities, you may want to try running the exploit from a different system or network to see if you get a different result. It’s also important to note that attempting to exploit systems without permission is illegal and can result in serious consequences.

Regards,
Rachel Gomez