Skorpinok Rover Posted May 14, 2012 Share Posted May 14, 2012 Hello, Im using backtrack 5R2 inside virtual machine along with target machine Windows XP SP2, The add user exploit ms03_026_dcom fails to complete on my target machine , the firewall is off, iam i wrong somewhere ? are there any settings to be done on target machine ? please suggest me, great thanks in advance. Payload options (windows/adduser): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC thread yes Exit technique: seh, thread, process, none PASS metasploit yes The password for this user USER metasploit yes The username to create Exploit target: Id Name -- ---- 0 Windows NT SP3-6a/2000/XP/2003 Universal msf exploit(ms03_026_dcom) > exploit [*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal... [*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.56.101[135] ... [*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:192.168.56.101[135] ... [*] Sending exploit ... msf exploit(ms03_026_dcom) > Regards. Quote Link to comment Share on other sites More sharing options...
Raziel Posted May 14, 2012 Share Posted May 14, 2012 That's a pretty old exploit. Are you sure your target machine is vulnerable to it? It would be extremely rare to see that vuln in the real world. Quote Link to comment Share on other sites More sharing options...
digip Posted May 16, 2012 Share Posted May 16, 2012 Its possible that exploit was fixed in SP2 or some other update the machine was already patched with, or the services that are required to make it work, are not running on the machine. ms_03 means its from 2003. SP2 came out in 2004 I believe, so chances are, its already patched on that box. Try ms08_068 though. That should work on pre SP3 boxes(and some SP3 boxes). Services to make sure to have up first, Server Service, Computer Browser, Workstation and Windows Firewall/Internet Connection Sharing. Quote Link to comment Share on other sites More sharing options...
hexophrenic Posted May 16, 2012 Share Posted May 16, 2012 Its possible that exploit was fixed in SP2 or some other update the machine was already patched with, or the services that are required to make it work, are not running on the machine. ms_03 means its from 2003. SP2 came out in 2004 I believe, so chances are, its already patched on that box. Try ms08_068 though. That should work on pre SP3 boxes(and some SP3 boxes). Services to make sure to have up first, Server Service, Computer Browser, Workstation and Windows Firewall/Internet Connection Sharing. I think digip meant ms08-067 instead of 068. Quote Link to comment Share on other sites More sharing options...
Skorpinok Rover Posted May 16, 2012 Author Share Posted May 16, 2012 Thank you Digip for this timely advice.. , thanks a lot,.. Its possible that exploit was fixed in SP2 or some other update the machine was already patched with, or the services that are required to make it work, are not running on the machine. ms_03 means its from 2003. SP2 came out in 2004 I believe, so chances are, its already patched on that box. Try ms08_068 though. That should work on pre SP3 boxes(and some SP3 boxes). Services to make sure to have up first, Server Service, Computer Browser, Workstation and Windows Firewall/Internet Connection Sharing. Quote Link to comment Share on other sites More sharing options...
digip Posted May 16, 2012 Share Posted May 16, 2012 I think digip meant ms08-067 instead of 068. Yup. Typo. 067 is the one. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.