
Metasploit mailing list archives
MS08-067 added to SVN trunk (3.2-testing)
From: giorgio.casali at gmail.com (Giorgio Casali)
Date: Tue, 28 Oct 2008 11:35:39 +0100
Hi,

I successfully exploited the vuln on an XP SP3 eng. but, following your comment, I couldn't reproduce it on an XP SP2 Italian. So I took the acgenral.dll from the XP SP3 English I successfully exploited and issued the command you suggested:

msfpescan -j esi AcGenral.dll

but in the address list I couldn't find the one you use in the code (0x6F8917C2). Is it normal?

Thx in advance.

This is the list I've obtained:

2008/10/28 H D Moore <hdm at metasploit.com>:
This module has support for XP SP2/SP3 with DEP/NX as well as 2003 SP0/SP2 without DEP/NX. It only supports the English locale right now, but I included instructions in the module comments for how to add language-specific targets. There is no default target and you need to specify the correct OS/SP, otherwise the module will just crash the service. This will never be as reliable as MS06-040, but it's still a great way to exploit a XP SP2/SP3 system with 139/445 open.

http://metasploit.com/dev/trac/browser/framework3/trunk/modules/exploits/windows/smb/ms08_067_netapi.rb?rev=5798

-HD