Security Basics mailing list archives
Re: Win XP SP2 Pentest
From: Kevin Johnson <kjohnson () secureideas net>
Date: Wed, 29 Nov 2006 20:45:22 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Nov 28, 2006, at 8:52 PM, pentestpro () gmail com wrote:
Hi all, I have been trying to conduct a pentest against WinXP pro SP2 hosts using Metaspoit 2.7 Unfortunately none of the exploits would work (msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow) I have disable the firewall as well. Would be grateful for any pointers. Thanks Suranjith
Hi- If the machines are patched with SP2 then neither of those vulnerabilities are available for Metasploit to exploit. The only pointers I can send are for you to look further into what the machines are offering as to services to find a vulnerability that can be exploited. I would like to point out that a "pentest" would be made up of much more then just running Metasploit against them. If you look through the myriad of data that should be collected before trying to exploit the machines, I am sure that you would be able to find a way into them. Remember that the direct brute force approach is destined for failure in most cases now. Good luck, Kevin Kevin Johnson GCIA, GCIH, CISSP, CEH Principal Consultant Secure Ideas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFFbje29gxbZzzrqlsRArBxAJ9Ds0uR8EgFn7Tyxen+AXIWo0YVMACfZPXv SFux3IiJcLxnIivcmmfXY68= =nH7w -----END PGP SIGNATURE-----
Current thread:
- Re: Win XP SP2 Pentest Kevin Johnson (Dec 01)
- <Possible follow-ups>
- RE: Win XP SP2 Pentest Roger A. Grimes (Dec 01)
- Re: Win XP SP2 Pentest crazy frog crazy frog (Dec 01)