Results 1 to 7 of 7

Thread: Can this setting in Win 7 thwart most Metasploit attacks?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Location
    Shoulder surfing besides you...
    Posts
    39

    Default Can this setting in Win 7 thwart most Metasploit attacks?

    I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

    However, if I configure it to disable remote windows shell will it help me defend against
    most metasploit type attacks which use "reverse_shell" as its payload?
    Having knowledge is one thing and applying that knowledge to earn money (of course, legally) is a completely different thing...

  2. #2
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: Can this setting in Win 7 thwart most Metasploit attacks?

    No because Metasploit uses various attacks against software vulnerabilities like a buffer overflow , heap overflow ,SEH overflowing and heap spraying in order to run arbitrary code (various shellcodes).
    By gaining control over return address and running code in privileged process space metasploit can even attack other windows components, it is possible to inject dll,create remote thread , hooking IAT
    unlinking ProcessListHead structure which is very useful to hide your process from OS also idt and ssdt hooking, but this must be performed from the kernel mode.
    Scientia ac Labore

  3. #3
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re : Can this setting in Win 7 thwart most Metasploit attacks?

    I'm not a mod or anything, but asking windows-related question here (on *backtrack* forums) is not very well perceived. Watch out
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  4. #4
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: Can this setting in Win 7 thwart most Metasploit attacks?

    I'm not a mod or anything, but asking windows-related question here (on *backtrack* forums) is not very well perceived. Watch out
    His question is related to windows exploitation.
    Scientia ac Labore

  5. #5
    Just burned his ISO
    Join Date
    Jun 2011
    Posts
    3

    Default Re: Can this setting in Win 7 thwart most Metasploit attacks?

    Quote Originally Posted by exus69 View Post
    I came across this setting in group policy in Windows 7 Ultimate which says "Allow Remote Shell Access" which is "Not Configured" in its default state which means it allows remote shell access in its default state.

    However, if I configure it to disable remote windows shell will it help me defend against
    most metasploit type attacks which use "reverse_shell" as its payload?
    Easy way to throw off any remote attack is to rename you computer to localhost this way if they try to netbios attacks Unix will attack it self.
    There are a few other things you can do too, but I find this one really fun to screw people with.

    Evil is an art form !!!

    One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.

    Well see yea at DefCon in August....

    Webmaster be more snappy on getting posts out you still haven't posted my FreeNX howto.

    OK take care hope this info helps
    Ghosthunter007

  6. #6
    Member
    Join Date
    May 2011
    Location
    Israel
    Posts
    74

    Default Re: Can this setting in Win 7 thwart most Metasploit attacks?

    One more thing can do is turn your firewall into an IDS with IPS protection this will require you to remove all rules and set the firewall in active learning mode. Then the hacker will have to try to smash your TCP stack. Odds of a hacker getting in before you react is not likely. Most hacks rely on human error or laziness of not keeping up with security.
    Today most of the attacks are client-based explotation over outgoing outbound ports in order to protect against such a attacks firewall should install filter and/or intermediate driver sitting above miniport driver,
    both of them should use advanced real-time disassembling engines with behavioural and signature based scanning and analyzing of bypassing malicious traffic when concerning x86 architecture with its variable length ISA so called real-time disassembling of the obfuscated binaries is hard problem.
    Last edited by iliyapolak; 06-13-2011 at 04:55 PM.
    Scientia ac Labore

  7. #7
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    19

    Default Re: Can this setting in Win 7 thwart most Metasploit attacks?

    Nope, as metasploit dosnt remote, the reverse_shell does it localy via commands sent.

Similar Threads

  1. Need Help with online attacks
    By f4csimil3 in forum BackTrack 5 General Topics
    Replies: 7
    Last Post: 03-12-2013, 11:26 AM
  2. smtp attacks
    By imported_UG_Cyber in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-13-2008, 04:27 PM
  3. Internet Attacks
    By kdiggity317 in forum OLD Newbie Area
    Replies: 7
    Last Post: 10-18-2008, 04:22 PM
  4. WPA EAP attacks
    By Andy90 in forum OLD General IT Discussion
    Replies: 1
    Last Post: 02-27-2008, 10:55 AM
  5. RADIUS attacks
    By _hap_ in forum OLD Wireless
    Replies: 2
    Last Post: 02-21-2008, 03:29 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •