Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: Win XP SP2 Pentest
From: Kevin Johnson <kjohnson () secureideas net>
Date: Wed, 29 Nov 2006 20:45:22 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Nov 28, 2006, at 8:52 PM, pentestpro () gmail com wrote:

Hi all,
I have been trying to conduct a pentest against WinXP pro SP2 hosts
using Metaspoit 2.7
Unfortunately none of the exploits would work
(msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow)
I have disable the firewall as well.
Would be grateful for any pointers.
Thanks
Suranjith


Hi-

If the machines are patched with SP2 then neither of those
vulnerabilities are available for Metasploit to exploit.  The only
pointers I can send are for you to look further into what the machines
are offering as to services to find a vulnerability that can be
exploited.

I would like to point out that a "pentest" would be made up of
much more then just running Metasploit against them.  If
you look through the myriad of data that should be collected
before trying to exploit the machines, I am sure that you would
be able to find a way into them.  Remember that the direct
brute force approach is destined for failure in most cases
now.

Good luck,
Kevin

Kevin Johnson GCIA, GCIH, CISSP, CEH
Principal Consultant
Secure Ideas



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFFbje29gxbZzzrqlsRArBxAJ9Ds0uR8EgFn7Tyxen+AXIWo0YVMACfZPXv
SFux3IiJcLxnIivcmmfXY68=
=nH7w
-----END PGP SIGNATURE-----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]