Windows 2003 Server Exploitation

29 Mar

As a professional penetration tester you will have to deal with various systems including Windows and Linux.Microsoft Servers have a large share in the market so probably most of your clients will have some versions of Windows Servers (2003 or 2008) that you will need to assess.In this article we will focus on exploitation a Windows 2003 server through the Microsoft directory services.

We have performed a port scan with Nmap and we have discovered that microsoft-ds service is open on port 445.The use of this service is for file sharing activities in Windows environments.

Microsoft-ds Service is Open


Our next step will be to open the metasploit framework in order to find the appropriate exploit that it will give us access to the remote server.We already know that the port 445 is for the SMB service.So our search will be on the SMB exploits like the netapi.

Specifically the exploit that we are going to use is the ms08_067_netapi which exploits a parsing flaw in the path canonicalization code of NetAPI32.dll.

Search for the netapi Exploit


So we are configuring the exploit with the appropriate IP addresses and we will use as a payload the meterpreter service.

Netapi Exploit Configuration


Now it is time to run the exploit against the target machine and as we can see from the image below it successfully opened a meterpreter session.

Exploitation with the Netapi


We can use the sysinfo command of the meterpreter in order to discover our first information about the Windows 2003 Server.

Information about the remote system



The microsoft-ds is a very common service in Windows machines.Most of the servers will have this service enabled so it will be very easy to exploit them except if they are using a firewall that filters the port 445.Remember that if you are going to use this exploit against a Windows 2003 Server it will work only in the following versions: Windows 2003 SP0,Windows 2003 SP1 and Windows 2003 SP2.

1 Comment

Posted by on March 29, 2012 in Exploitation Techniques


Tags: , , , ,

One response to “Windows 2003 Server Exploitation

  1. chandren

    July 9, 2014 at 3:10 pm

    Thank you man nice help. after a long search i got it,.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: