Security Basics: RE: Win XP SP2 Pentest

["Roger A. Grimes" <roger () banneretcs com>]

Welcome to learning that Windows isn't quite as vulnerable as many
popular opinions would have you believe. 

Windows XP Pro SP2 fully patched is hard to break into, especially using
an external attack. Your best luck is a social engineering attack or a
client-side attack (which Metasploit can help you create and perform).
There are other types of attacks you can try, such as password guessing
or cracking, if you have the right conditions.

Buy one of Foundstone's excellent Hacking Exposed books, as a good
starting point for other types of manual attacks.

The truth is that any popular OS properly patched (both OS and apps)
isn't easy to break into.

Roger

*****************************************************************
*Roger A. Grimes, InfoWorld, Security Columnist 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger_grimes () infoworld com or roger () banneretcs com
*Author of Professional Windows Desktop and Server Hardening (Wrox)
*http://www.amazon.com/gp/product/0764599909
*****************************************************************

 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of pentestpro () gmail com
Sent: Tuesday, November 28, 2006 8:52 PM
To: security-basics () securityfocus com
Subject: Win XP SP2 Pentest

Hi all,
I have been trying to conduct a pentest against WinXP pro SP2 hosts
using Metaspoit 2.7 Unfortunately none of the exploits would work
(msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow) I have disable
the firewall as well.
Would be grateful for any pointers.
Thanks
Suranjith