
Thread: How to make a Vista vulnerable?

  1. #1
    Just burned his ISO (joined Jan 2008, 15 posts)

    How to make a Vista vulnerable?

    Hello!
    This may be a very dumb question to ask, but I find it interesting.
    And I'm sure that a lot of others that are new to this will too.

    I haven't worked with Metasploit a lot. So I decided to install a virtual Vista SP1 machine and check it out and play around with Meterpreter. Once it was done I installed AVG Free and didn't install any updates. I started my virtual BT4, and that got me thinking: now what?

    I have to run an exploit against a vulnerability on the Vista machine; the only problem is that I don't know of any specifically that is part of the Metasploit exploit arsenal.

    My question straight out is, how do we make a Vista machine (or XP, for the sake of other users searching the forum for this) vulnerable in the least time-consuming way possible?
    " Human knowledge belongs to the world "

  2. #2
    KMDave, Moderator (joined Jan 2010, 2,281 posts)

    Wait for the metasploit course to come out or do some research. There are so many ways Vista can be attacked.
    Sometimes not Vista but an app running on it.

    Ok, that is enough information to accomplish what you want to.
    Tiocfaidh ár lá

  3. #3
    Archangel-Amael, Super Moderator (joined Jan 2010, location: Somewhere, 8,012 posts)

    Google = exploit vista
    Try also looking into vulnerable free-ware. Turn off the firewalls and the AV as well it will help open things up.
    EDIT: I see KMDave beat me to the punch.
    Do what he mentioned as well.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    kazalku, Member (joined Feb 2009, 416 posts)

    Quote Originally Posted by archangel.amael:
        Try also looking into vulnerable free-ware.
    like these....
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  5. #5
    Barry, My life is this forum (joined Jan 2010, 3,817 posts)

    Heh, install it....

  6. #6
    Just burned his ISO (joined Jul 2009, 6 posts)

    My two bits...

    It would be easier, especially since you are new to this, to turn off your Windows firewall and turn the AVG off. Once you get comfortable with things and understand some advanced techniques, then you can turn on the stuff that makes it more interesting. Again, like previously mentioned, you don't even have to exploit the actual OS; you can exploit an application, ARP spoof/redirect, DNS poison, the list really goes on and on. Try and be creative, and may I suggest Nessus for "finding" exploits on a machine....

  7. #7
    lupin, Super Moderator (joined Jan 2010, 2,943 posts)

    I'd suggest that you learn how exploits work first of all, then you'll have a better understanding of what Metasploit can do and how it works. Start by checking out some of the exploits on milw0rm and finding a guide on how to write a simple buffer overflow exploit. The book "Hacking: The Art of Exploitation" is a good resource for this, as is the Pentesting With Backtrack training course, and I'm sure there is free stuff online too (I'm planning on writing something about this myself).

    Once you can do this you will understand the exploitation process much better and you will be able to work out how to proceed...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    BigMac, Senior Member (joined Jan 2008, 213 posts)

    Check out this thread

    In that thread I posted a registry key. When this key is changed as instructed, then the SMB service will be vulnerable to a few exploits... by default Vista has disabled this for security reasons...

    windows/smb/smb_relay
    windows/smb/psexec

    You also need to understand that with these public exploits Metasploit has in its inventory, once they're released out into the wild they are then patched, most of the time shortly after...
