I ran an autopwn on a Windows NT4 sp6a that hasn't been patched in years. To my big surprise not one session was created. How come Metasploit can't exploit such an old architecture? And how can it be done?
Just because you run an unpatched version of Windows doesn't mean it's vulnerable.
Going back to balding's post: are you running any insecure software on the Windows system?
Have you researched what is vulnerable on that system?
There isn't a whole lot of software that runs on there. It's a PDC and that's about it. I just assumed that after all those years of non patching, cracking an NT would be cake...
In my tests I did knock the box out after a while. Services were hanging and a reboot was needed. So yeah DoS'ing is not a problem. Taking the box is something else...
This is the reason for a real exploit and some point and click h4x0r button.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
True. However. I want the box out. Together with his BDC friend. Problem is the NT 4 domain is needed for an ancient SMS setup that is needed on a daily basis. So if I want to convince the management it has to go, DoS won't be good enough... If I could control the box however (without using my admin account) that would be more persuasive...
That's kinda like asking how to change the oil and filter in a car but then not telling us what model/year. Therefore my answer is "just do it".
Proving the box is vulnerable is completely irrelevant if there is no risk associated with it. If it's a PDC then it's highly unlikely that it's exposed to the internet. Therefore the only threat agents are internal employees. Depending on the type of business you're part of chances are the majority of your internal employees aren't going to be able to do anything to the box (even if they had some motivation, like being fired). So that leaves you and any other technical staff. If management isn't confident that you won't intentionally break things or leak information to competitors then they should just fire you. If they do trust you then the box's vulnerabilities are completely irrelevant.
The arguments surrounding replacing the box should be things like:
1) Aging hardware.
2) Lack of hardware support/maintenance agreements with vendors (HP, Dell, whoever).
3) Performance issues.
4) Lack of support for the OS should anything happen.
5) Incompatibility with other infrastructure or important technologies used within the company.
Your best bet is to prove that the old system is actively costing them money (something along the lines of ... you're wasting a lot of time supporting it) or that it has significant potential to cost them money (if it goes down no one will be able to work for x days, while you then build up a new system or recover the old thing).