Security Basics mailing list archives
RE: Win XP SP2 Pentest
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Wed, 29 Nov 2006 12:57:58 -0500
Welcome to learning that Windows isn't quite as vulnerable as many popular opinions would have you believe. Windows XP Pro SP2 fully patched is hard to break into, especially using an external attack. Your best luck is a social engineering attack or a client-side attack (which Metasploit can help you create and perform). There are other types of attacks you can try, such as password guessing or cracking, if you have the right conditions. Buy one of Foundstone's excellent Hacking Exposed books, as a good starting point for other types of manual attacks. The truth is that any popular OS properly patched (both OS and apps) isn't easy to break into. Roger ***************************************************************** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: roger_grimes () infoworld com or roger () banneretcs com *Author of Professional Windows Desktop and Server Hardening (Wrox) *http://www.amazon.com/gp/product/0764599909 ***************************************************************** -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pentestpro () gmail com Sent: Tuesday, November 28, 2006 8:52 PM To: security-basics () securityfocus com Subject: Win XP SP2 Pentest Hi all, I have been trying to conduct a pentest against WinXP pro SP2 hosts using Metaspoit 2.7 Unfortunately none of the exploits would work (msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow) I have disable the firewall as well. Would be grateful for any pointers. Thanks Suranjith
Current thread:
- Re: Win XP SP2 Pentest Kevin Johnson (Dec 01)
- <Possible follow-ups>
- RE: Win XP SP2 Pentest Roger A. Grimes (Dec 01)
- Re: Win XP SP2 Pentest crazy frog crazy frog (Dec 01)