Fresh Penetration Network setup(first exploit with Windows 7)

[ishouldbsurfn]

I have successfully got BT4 R2 running on my new Mac in virtualbox alongside Windows 7. I have read several pages and have found a lot of helpful information on performing the basics.

I have got msfconsole up and am running simple nmap scans and am returning information on my virtual machine running windows 7. My results show that all 1000 ports scanned are closed. I also run db_autopwn and no vulnerability modules load.

I would like to start simple and understand how a basic penetration technique works. A lot of examples I am reading work with windows xp, but I am trying to exploit the windows 7 environment.

When I use -O, I receive a message that too many fingerprints to match and that the OS type cannot be returned.

Are these messages typical? Would I get some response if I opened up some ports, because I would rather not. Back to reading about slackware.

[lupin]

Traditional remote exploits are performed by taking advantage of a vulnerability in a listening network service. If you have no listening network services (e.g. if all your ports are "closed") then you will not be able to exploit the system using remote exploits. Pretty simple really.

Install a vulnerable listening service on your Windows 7 system and you should then be able to attack it. Alternatively, you could try a client side exploit on your Windows system.

I suggest you have a look at Metasploit Unleashed, and I have also written some exploit writing tutorials you can find links to from our HowTo forum if you want something more challenging and if you want to understand how this stuff works.

[falseteeth]

Typical home Windows machines do not run any remote network services, so generally you are not going to remotely exploit a personal-use Windows box in a real world situation. That's why you're seeing all the ports closed; it's not running anything. For testing, you'll need to install a vulnerable service/program on it.

You could also mess around with generating a browser exploit page and having the Windows box click it, though I'm not sure if there are any currently working browser exploits on Windows 7.

There are generally quite few exploits for Windows 7, other than Internet Explorer 0days that sometimes work on it (but usually they get patched pretty fast).

[Kx499]

I've got a fully patched vista box running ie8 that's vulnerable to a few of the browser exploits, so they might work on Windows 7 too. You'd have to play around with it, but thats the fun part....

[lupin]

Typical home Windows machines do not run any remote network services, so generally you are not going to remotely exploit a personal-use Windows box in a real world situation.

Strictly speaking, by default they will run the Windows file and printer sharing service, which has had its fair share of exploitable vulnerabilities, but firewall settings will usually block access to this by default. From a remote scan the port related to this service will come up as "closed", so it will appear not to be listening from remote systems, but it will actually be running and will be bound to a port and listening.

[sickness]

I have got msfconsole up and am running simple nmap scans and am returning information on my virtual machine running windows 7. My results show that all 1000 ports scanned are closed. I also run db_autopwn and no vulnerability modules load.

Well Windows 7 has by default some services opened, as @lupin mentioned the file and printer sharing also the remote desktop one, the reason why nmap gives you all ports filtered is because of the Win7 Firewall.

I would like to start simple and understand how a basic penetration technique works. A lot of examples I am reading work with windows xp, but I am trying to exploit the windows 7 environment.

Before you try to understand basic penetration testing techniques you should try to understand how exploit actually work and what are the differences between XP and Windows7 ( regarding exploits of course ).

[ishouldbsurfn]

Thanks everyone for the help!

I read a bit more today and used the ms11_xxx_ie_css_import browser attack exploit my virtual machine. I recommend this as a simple starting point for others starting out as it is pretty simple.

Thanks again!

[Renek]

In case you haven't found it yet, Securitytube.net has a great series on Metasploit called the Metasploit Megaprimer. From there you can move to the assembly tutorials on how to discover exploits for yourself. Irongeek also has a bunch of great videos to help you along. Happy learning!

[thorin]

If you need targets to play with you might want to check the "Testing Environments & Apps" section in my post to this thread:
http://www.backtrack-linux.org/forum...ted-links.html

[ishouldbsurfn]

Thanks everyone for the insight! I will definitely refer to both of those once i am done reading this bit I have now on Slack!