|
VictorM
|
 |
« on: August 27, 2012, 10:09:12 PM » |
|
Hello everyone.
I was hoping the fine folks here might be able to answer a question about understanding how remote code exploits work. Assuming that the machine is running windows XP/Vista/7 on a x86 platform with all service packs, patches and updates with no TCP/IP services and no server applications running then how can it be possible to take advantage of such a box remotely ? Then is it possible that a zero day exploit would be needed in order to access this typical box ?
Please note that I have no interest nor intentions in hacking into anyone box but would like to understand the logic behind how remote code exploits work...
Thanks in advance
VictorM
|
|
|
|
|
Logged
|
|
|
|
|
SecurityMonkey
|
|
« Reply #1 on: August 27, 2012, 11:07:27 PM » |
|
Even if you are not running any other services (such as a web server, ftp server) you still have the built in Microsoft Services and applications running. Take for example MS08-067, this issue allowed an attacker to take advantage of the way that the Server service handles RPC requests. The attacker was able to execute code on the remote PC by exploiting this flaw.
This issue was patched a long time ago so shouldn’t be an issues anymore. To take advantage of a PC like the one you are talking about most of the time it would take a Zero Day or for the machine to be missing a critical patch.
If you have a quick google you will find heaps of examples of how this is done.
|
|
|
|
« Last Edit: August 27, 2012, 11:15:31 PM by SecurityMonkey »
|
Logged
|
|
|
|
|
cd1zz
|
|
« Reply #2 on: August 27, 2012, 11:33:01 PM » |
|
0 day in the OS or an exploit/0 day in third party software that exposes a service.
|
|
|
|
|
Logged
|
|
|
|
|
shadowzero
|
|
« Reply #3 on: August 27, 2012, 11:43:13 PM » |
|
Doesn't even have to be server software. A vulnerable music player can load a a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there's the chance that something installed is vulnerable to something.
|
|
|
|
|
Logged
|
|
|
|
|
SecurityMonkey
|
|
« Reply #4 on: August 27, 2012, 11:45:15 PM » |
|
Could be a flaw in IE... so so many ways....
|
|
|
|
|
Logged
|
|
|
|
|
Jamie.R
|
|
« Reply #5 on: August 28, 2012, 02:31:51 AM » |
|
There are lots ways 0 days,encoding exploits to try bypass virus software and then you have end user who like to click anything you send them.
|
|
|
|
|
Logged
|
OSWP | Hackingdojo Nidan | eCPPT
|
|
|
|
VictorM
|
|
« Reply #6 on: August 28, 2012, 06:52:13 PM » |
|
@To All thanks for the helpful replies. I also gave some thoughts to Zero Day exploits that might still exist which have yet to be published and patched.
Appreciate the replies.
Victor
|
|
|
|
|
Logged
|
|
|
|
|
jjwinter
|
|
« Reply #7 on: August 31, 2012, 08:52:00 AM » |
|
From what I've been reading, many exploits are the result of getting the user to click your infected site and take advantage of a browser flaw, Java exploit, Flash Player, PDF reader....as shadowzero said, no run runs vanilla Windows with no third party apps installed. Just might take some Social Engineering.
|
|
|
|
|
Logged
|
|
|
|
|
Cyber.spirit
|
|
« Reply #8 on: September 04, 2012, 03:41:13 AM » |
|
all of patchs, updates, service packs can help u to improve security but it dosent mean ur completely secure. For example if u installed adobe reader u can create an infected pdf file using metasploit send it to the target and get some access but maybe u'll get error or failure it depends on many things security world is so complex
|
|
|
|
|
Logged
|
ICS Academy Network Security Certified
|
|
|
|
Cyber.spirit
|
|
« Reply #9 on: September 04, 2012, 03:50:25 AM » |
|
i missed something. Maybe u can use some ie vulnerabilities or other programs but keep in mind there is always a way and practice is the key of everything
|
|
|
|
|
Logged
|
ICS Academy Network Security Certified
|
|
|
|
Jamie.R
|
|
« Reply #10 on: September 04, 2012, 07:32:42 AM » |
|
There are lots way client side attack are most common here an email please Click my link you can also use metasploit to try encode and make exe or pdf. Then you have the Social engineer toolkit that mainly focus on client side attacks.
|
|
|
|
|
Logged
|
OSWP | Hackingdojo Nidan | eCPPT
|
|
|
|
Cyber.spirit
|
|
« Reply #11 on: September 05, 2012, 12:33:12 PM » |
|
i agree with Jamie.R. Man nothing in security world is static u cant say ok this computer is updated and patch so no one can break into it. There is a way always
|
|
|
|
|
Logged
|
ICS Academy Network Security Certified
|
|
|
|
sh4d0wmanPP
|
|
« Reply #12 on: September 06, 2012, 06:17:58 AM » |
|
This is one of the reasons why a risk analysis and defense in depth are so important. Focus your security efforts on the most important assets and understand that even then there will still be a way for a determined attacker to get what they want. Your best bet is to secure them so well that the time and money required for a succesfull attack is not worth what they are after.
However if you are a high profile target like a government agency or army, all bets are off....
|
|
|
|
|
Logged
|
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
|
|
|
|
Cyber.spirit
|
|
« Reply #13 on: September 07, 2012, 04:04:16 AM » |
|
its correct
|
|
|
|
|
Logged
|
ICS Academy Network Security Certified
|
|
|
|
