Metasploit mailing list archives

Still yet to own a machine :( (My systems ain't THAT secure are they?)

From: konrads.smelkovs at gmail.com (Konrads Smelkovs)
Date: Mon, 17 Sep 2007 16:51:12 +0300

Hello Mr. Gabriel,

There are multiple approaches to exploiting, but it can also be split into
two ways:

a) Having 0days
b) Not having 0days

If You are in possession of 0days, then You can execute a simple attack
against a machine exploiting as of yet unpatched vulnerability.
If You do not have 0days then the exploitation depends on creating a
scenario or finding unpatched vuln (in which case it is like case 'a').
Creating a scenario can be with or without user interaction. Your virus
outbreaks probably occur due to users executing malicious attachments sent
via IM, email or otherwise. You should probably secure Your perimeter more,
run tight group policy and remove unauthorised software.

On 9/17/07, Mr Gabriel <angelisonline at gmail.com> wrote:


Okay, I'm still very confused out here.

I've tried a lot to at least own a machine on my network. I'm
responsible for 200 computers across three floors, each machine can
be seen on the network, and can be contacted etc etc. All on the same
subnet ... (not best practice, I know, but hey if it ain't broke...).
Now, at least once a week we get viral epedemics, where someones
daily scan reveals a virus, give it a few hours, and you can almost
guarentee, that that puppy has found its way onto another computer,
and not via file sharing, or email. Which leads me to believe it
exploited my up to date "fully patched" XP systems.

Which I feel as if I have failed to do myself.

On a diffrent note, after studying HDM talk, I realised the impact of
social engineering with regards to a lot of exploits. It seems that a
lot of exploits require user intervention, as in you sort of have to
"trick" someone into either clicking a link, or loading a bad page or
something.

If that is the case, I'll have to revise my talks about keeping safe
on your computer - which now that I think about it, needs a complete
facelift!!




-- 
Konrads Smelkovs
Applied IT sorcery.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070917/01436566/attachment.htm>

Current thread:

Still yet to own a machine :( (My systems ain't THAT secure are they?) Mr Gabriel (Sep 17)
- Still yet to own a machine :( (My systems ain't THAT secure are they?) Konrads Smelkovs (Sep 17)