I ran an autopwn on a Windows NT4 sp6a that hasn't been patched in years. To my big surprise not one session was created. How come Metasploit can't exploit such an old architecture? And how can it be done?
Just because you run an unpatched version of Windows doesn't mean it's vulnerable.
Going back to balding's post: are you running any insecure software on the Windows system?
Have you researched what is vulnerable on that system?
There isn't a whole lot of software that runs on there. It's a PDC and that's about it. I just assumed that after all those years of non-patching, cracking an NT would be cake...
In my tests I did knock the box out after a while. Services were hanging and a reboot was needed. So yeah DoS'ing is not a problem. Taking the box is something else...
This is the reason for a real exploit and some point and click h4x0r button.
True. However. I want the box out. Together with his BDC friend. Problem is the NT 4 domain is needed for an ancient SMS setup that is needed on a daily basis. So if I want to convince the management it has to go, DoS won't be good enough... If I could control the box however (without using my admin account :D) that would be more persuasive...
I'm sure there are other methods to convince management that an antiquated box needs to go.
Impending hardware failures are always a good excuse, incompatibility with new technology is also a good one.
If the box is still running NT4, then chances are the hard drive is going to fail, catastrophically, and then you have a chance to get a new pair of machines in, especially if the PDC goes first.
But of course he doesn't want to hear that because he wants us to spoonfeed him a hack so he can do something illegal.