
Thread: Questions attacking W7

  1. #1
    SephStorm (Senior Member, joined Aug 2008)

    Questions attacking W7

    Hello all,

    I am getting back into my studies and I was hoping I could get a few questions answered here. I have a lab network here at home and I can pretty easily exploit W2k3 machines and some Windows Vista machines with Windows Firewall disabled.

    So question 1: with WF enabled, what's the best way to perform port scanning? I've tried nmap with nearly all Windows-compatible options that I know, but ICMP, TCP, and UDP seem to be well filtered.

    Q2: Assuming I've found a host, and know what ports are open and what services are running on those ports, I, plain and simple, have not been able to find exploits for W7. The MSFUpdate works fine, but I'm trying to attack services rather than web applications, and web exploits seem to be the only options available... I've done my research, and I know that there were some new W7 vulnerabilities discovered, and I hadn't patched the systems, so I know they are vulnerable. But even searching exploitdb, exploitsearch and Metasploit exploits, I don't think I found any 2011 exploits not tied to applications running on the victim machine.

    Now I am fairly certain that this may be to keep script kiddies from getting the latest exploit code, but that really doesn't help me.

    I think I'll limit my questions to those for the moment. Thanks for your help.
    "You're only smoke and mirrors..."

  2. #2
    Just burned his ISO (joined Feb 2010)

    Re: Questions attacking W7

    Sounds like you need to research different port scanning techniques and better ways to find exploits. Try limiting your port scans to only a few different ports at the same time. Pick some popular ones. And as for finding exploits... there's no real quick and dirty way that's super effective. Just gotta look through all the major websites out there that list them.

    As for unpatched Windows 7 machines, I don't believe there are any exploits out there that can cause remote code execution from outside the machine. The last one that I know of was MS07-something. Remote code executions under Windows 7 probably have to be executed from a booby trapped file.

  3. #3
    SephStorm (Senior Member, joined Aug 2008)

    Re: Questions attacking W7

    Thanks for the advice. So you are suggesting that probing a single or a few ports rather than the traditional port scan would be more effective? Is Windows Firewall able to detect port scanning and lock down ports?
    "You're only smoke and mirrors..."
