
Thread: Best Metasploit exploit/payload for windows XP sp2/3


  1. #1
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    11

    Best Metasploit exploit/payload for windows XP sp2/3

    Hello all,

    I just was wondering what the best exploit and payload would be for getting a command shell on a windows XP SP2/SP3 machine. The XP machine would be assumed to be current with updates...
    I find it quite a challenge, as every attempt I have tried returned with no session...

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462


    If you're attacking the OS directly and it's fully patched (ex: ms08-067) you will have no luck. You will have to look at either attacking installed applications (ftp, smtp, etc) or look into a client side attack.

  3. #3
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    If the machine is patched then the "best" exploit would likely be one that doesn't exist yet which leverages a vulnerability which hasn't been identified yet.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #4
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    11


    Ok, say I rigged my VM of Windows XP so that it has been fully patched, but oops, I forgot to close ports 21 and 80. Could these be "metasploited"?

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Quote Originally Posted by bfrick50:
        Ok, say I rigged my VM of Windows XP so that it has been fully patched, but oops, I forgot to close ports 21 and 80. Could these be "metasploited"?

    Well, what is running on port 21? You need the name of the service and the version number. Same with port 80. Then you hit Google and try to find a vulnerability. So the short answer is no. This stuff takes tons of time, research, poring over boring code and caffeine.

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462


    The easiest way to set up your VM lab with minimal work would be to match an exploit in Metasploit and install the vulnerable software on your target machine.

    You can find some vulnerable software here: Download old vulnerable softwares version

    Also you might want to look at: http://www.offensive-security.com/metasploit-unleashed/

  7. #7
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by bfrick50:
        Ok, say I rigged my VM of Windows XP so that it has been fully patched, but oops, I forgot to close ports 21 and 80. Could these be "metasploited"?

    Ok, I'm in a good mood so I'll spoon-feed.

    IT/Security 101.....

    An exploit takes advantage of a weakness (also known as a vulnerability); patches correct vulnerabilities.

    If a vulnerability exists within the service running/listening on a particular port (21 or 80), then yes, it can be exploited, assuming a) it's a brand new vulnerability that you've discovered (for which there is no patch [yet]) or b) it's an old vulnerability which has not had the corresponding and correcting patch applied.

  8. #8
    Just burned his ISO
    Join Date
    Nov 2009
    Posts
    11


    Great,
    Thank you all for clearing up the fog in my brain relating to exploits!

  9. #9
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    11


    The best way to exploit a fully patched Windows XP is to create a payload with Metasploit, attach that payload using your friendly Microsoft IExpress to a nice little fun game you download off the web, then send and execute it on your test VM. When you run the game and close it, the Metasploit payload will be executed.

    OR!! You can use browser exploits: you can use Metasploit to act as a website, and just browse to your machine and hopefully, pop, you can command.. If you've got wireless, check out Karmetasploit.

    Hope this helps.
