Security Basics mailing list archives

Re: Win XP SP2 Pentest


From: krymson () gmail com
Date: 29 Nov 2006 15:29:08 -0000

Both of those vulnerabilities (MS04-011 and MS03-026) were patched by the time SP2 was released. You'll need to pick a more recent vulnerability.

Of note, XP SP2 was released in Q3 2004. Microsoft security bulletins are named by their year. MS04-011 was the 11th 
bulletin of 2004, and so on. That can give you a quick clue on whether they're likely to be patched or not (MS06 is 
2006).

If you have access to the system, especially if you can scan it using an admin account, I recommend using MBSA or 
Nessus to evaluate whether the system is lacking some patches or has some open vulns that match exploits in 
Metasploit's list. Always be careful running Nessus against live, production servers, however. It can lock up the 
system or services.




Hi all,
I have been trying to conduct a pentest against WinXP pro SP2 hosts
using Metasploit 2.7
Unfortunately none of the exploits would work
(msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow) 
I have disabled the firewall as well.
Would be grateful for any pointers.
Thanks
Suranjith
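
The bulletin-year rule of thumb from the reply, written out as an added example that is not part of the original thread: it pulls the bulletin ID out of a module name and compares its year with the service pack's release year. The function names, the two-digit-year pivot and the `MS06-001` sample string are assumptions made for the illustration.

```python
import re

# Bulletin IDs are MSyy-nnn: two-digit year, then sequence number within that year.
# Tool output often uses "_" instead of "-", and the module name quoted in the
# thread spells the ID with a letter O ("MSO4-011"), so both are tolerated here.
BULLETIN_RE = re.compile(r"(?<![a-z0-9])ms([0-9o]{2})[-_]([0-9o]{3})(?![0-9])", re.I)


def parse_bulletin(text):
    """Return (year, sequence) for the first bulletin ID found in text, else None."""
    m = BULLETIN_RE.search(text)
    if m is None:
        return None
    yy, seq = (int(g.lower().replace("o", "0")) for g in m.groups())
    # Assumption: two-digit years 90-99 are 19xx, everything else is 20xx.
    return (1900 + yy if yy >= 90 else 2000 + yy), seq


def triage(text, baseline_year=2004):
    """Compare a bulletin's year with a service-pack release year (2004 for XP SP2)."""
    parsed = parse_bulletin(text)
    if parsed is None:
        return "unknown"
    year, _ = parsed
    if year < baseline_year:
        return "predates baseline"    # expected to be rolled into the service pack
    if year == baseline_year:
        return "same year"            # the year alone cannot decide; check release dates
    return "newer than baseline"      # confirm with a patch scan (MBSA, Nessus)


if __name__ == "__main__":
    # First two names are quoted in the thread; the third is a constructed sample.
    for name in ("msrpc_dcom_ms03_026",
                 "Microsoft LSASS MSO4-011 Overflow",
                 "MS06-001"):
        print(f"{name!r}: {parse_bulletin(name)} -> {triage(name)}")
```

The "same year" result is the case the rule of thumb cannot settle by itself: MS04-011 and SP2 are both from 2004, and only the release dates show that the bulletin came first.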

