
Thread: Metasploit Framework 3 and Windows NT4


  1. #1
    Just burned his ISO
    Join Date
    Nov 2007
    Posts
    6

    Metasploit Framework 3 and Windows NT4

    I ran an autopwn on a Windows NT4 SP6a box that hasn't been patched in years. To my big surprise, not one session was created. How come Metasploit can't exploit such an old architecture? And how can it be done?

  2. #2
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399


    Quote Originally Posted by ReveB View Post
    I ran an autopwn on a Windows NT4 SP6a box that hasn't been patched in years. To my big surprise, not one session was created. How come Metasploit can't exploit such an old architecture? And how can it be done?
    Was the exploit patched in an earlier SP? Was the exploit for some software you didn't even have installed, or not the right version of it? You see, without all the info, who can tell? It could be many things, of which I only listed a couple.

  3. #3
    Very good friend of the forum drgr33n's Avatar
    Join Date
    Jan 2010
    Location
    Dark side of the moon ...
    Posts
    699


    Just because you run an unpatched version of Windows doesn't mean it's vulnerable.

    Going back to balding's post: are you running any insecure software on the Windows system?

    Have you researched what is vulnerable on that system?

  4. #4
    Just burned his ISO
    Join Date
    Nov 2007
    Posts
    6


    There isn't a whole lot of software that runs on there. It's a PDC and that's about it. I just assumed that after all those years of not patching, cracking an NT box would be cake...

    In my tests I did knock the box out after a while. Services were hanging and a reboot was needed. So yeah, DoS'ing is not a problem. Taking the box is something else...

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    This is the reason for a real exploit and some point-and-click h4x0r button.

  6. #6
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543


    Quote Originally Posted by purehate View Post
    This is the reason for a real exploit and some point-and-click h4x0r button.
    Hence my reasoning for getting into rootkit dev
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by ReveB View Post
    In my tests I did knock the box out after a while. Services were hanging and a reboot was needed. So yeah, DoS'ing is not a problem. Taking the box is something else...
    If the box cannot perform its intended function then I would classify it as owned.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Just burned his ISO
    Join Date
    Nov 2007
    Posts
    6


    Quote Originally Posted by thorin View Post
    If the box cannot perform its intended function then I would classify it as owned.
    True. However, I want the box out, together with its BDC friend. The problem is that the NT 4 domain is needed for an ancient SMS setup that is needed on a daily basis. So if I want to convince management it has to go, a DoS won't be good enough... If I could control the box, however (without using my admin account), that would be more persuasive...

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629


    Quote Originally Posted by ReveB View Post
    I ran an autopwn on a Windows NT4 SP6a box that hasn't been patched in years. To my big surprise, not one session was created. How come Metasploit can't exploit such an old architecture? And how can it be done?
    That's kind of like asking how to change the oil and filter in a car but then not telling us the model/year. Therefore my answer is "just do it".

    True. However, I want the box out, together with its BDC friend. The problem is that the NT 4 domain is needed for an ancient SMS setup that is needed on a daily basis. So if I want to convince management it has to go, a DoS won't be good enough... If I could control the box, however (without using my admin account), that would be more persuasive...
    Proving the box is vulnerable is completely irrelevant if there is no risk associated with it. If it's a PDC then it's highly unlikely that it's exposed to the internet. Therefore the only threat agents are internal employees. Depending on the type of business you're part of, chances are the majority of your internal employees aren't going to be able to do anything to the box (even if they had some motivation, like being fired). So that leaves you and any other technical staff. If management isn't confident that you won't intentionally break things or leak information to competitors, then they should just fire you. If they do trust you, then the box's vulnerabilities are completely irrelevant.

    The arguments surrounding replacing the box should be things like:
    1) Aging hardware.
    2) Lack of hardware support/maintenance agreements with vendors (HP, Dell, whoever).
    3) Performance issues.
    4) Lack of support for the OS should anything happen.
    5) Incompatibility with other infrastructure or important technologies used within the company.

    Your best bet is to prove that the old system is actively costing them money (something along the lines of: you're wasting a lot of time supporting it) or that it has significant potential to cost them money (if it goes down, no one will be able to work for x days while you build up a new system or recover the old thing).
