Remote Code Execution

This topic contains 15 replies, has 9 voices, and was last updated by  Yababa 5 years, 6 months ago.

  • Author
    Posts
  • #7842
     VictorM 
    Participant

    Hello everyone.

    I was hoping the fine folks here might be able to answer a question about understanding how remote code exploits work. Assuming that the machine is running windows XP/Vista/7 on a x86 platform with all service packs, patches and updates with no TCP/IP services and no server applications running then how can it be possible to take advantage of such a box remotely ? Then is it possible that a zero day exploit would be needed in order to access this typical box ?

    Please note that I have no interest nor intentions in hacking into anyone box but would like to understand the logic behind how remote code exploits work…

    Thanks in advance

    VictorM

  • #49365
     S3curityM0nkey 
    Participant

    Even if you are not running any other services (such as a web server, ftp server) you still have the built in Microsoft Services and applications running. Take for example MS08-067, this issue allowed an attacker to take advantage of the way that the Server service handles RPC requests. The attacker was able to execute code on the remote PC by exploiting this flaw.

    This issue was patched a long time ago so shouldn’t be an issues anymore. To take advantage of a PC like the one you are talking about most of the time it would take a Zero Day or for  the machine to be missing a critical patch.

    If you have a quick google you will find heaps of examples of how this is done.

  • #49366
     cd1zz 
    Participant

    0 day in the OS or an exploit/0 day in third party software that exposes a service.

  • #49367
     shadowzero 
    Participant

    Doesn’t even have to be server software. A vulnerable music player can load a a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there’s the chance that something installed is vulnerable to something.

  • #49368
     S3curityM0nkey 
    Participant

    Could be a flaw in IE… so so many ways….

  • #49369
     Jamie.R 
    Participant

    There are lots ways 0 days,encoding exploits to try bypass virus software and then you have end user who like to click anything you send them.

  • #49370
     VictorM 
    Participant

    @To All thanks for the helpful replies. I also gave some thoughts to Zero Day exploits that might still exist which have yet to be published and patched.

    Appreciate the replies.

    Victor

  • #49371
     jjwinter 
    Participant

    From what I’ve been reading, many exploits are the result of getting the user to click your infected site and take advantage of a browser flaw, Java exploit, Flash Player, PDF reader….as shadowzero said, no run runs vanilla Windows with no third party apps installed. Just might take some Social Engineering.

  • #49372
     cyber.spirit 
    Participant

    all of patchs, updates, service packs can help u to improve security but it dosent mean ur completely secure. For example if u installed adobe reader u can create an infected pdf file using metasploit send it to the target and get some access but maybe u’ll get error or failure it depends on many things security world is so complex

  • #49373
     cyber.spirit 
    Participant

    i missed something. Maybe u can use some ie vulnerabilities or other programs but keep in mind there is always a way and practice is the key of everything

  • #49374
     Jamie.R 
    Participant

    There are lots way client side attack are most common here an email please Click my link you can also use metasploit to try encode and make exe or pdf. Then you have the Social engineer toolkit that mainly focus on client side attacks.

  • #49375
     cyber.spirit 
    Participant

    i agree with Jamie.R. Man nothing in security world is static u cant say ok this computer is updated and patch so no one can break into it. There is a way always

  • #49376
     sh4d0wmanPP 
    Participant

    This is one of the reasons why a risk analysis and defense in depth are so important. Focus your security efforts on the most important assets and understand that even then there will still be a way for a determined attacker to get what they want. Your best bet is to secure them so well that the time and money required for a succesfull attack is not worth what they are after.

    However if you are a high profile target like a government agency or army, all bets are off….

  • #49377
     cyber.spirit 
    Participant

    its correct

  • #49378
     Yababa 
    Participant

    @shadowzero wrote:

    Doesn’t even have to be server software. A vulnerable music player can load a a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there’s the chance that something installed is vulnerable to something.

    This is true. It doesn’t always have to occur remotely. However, it’ my appear more attractive and alluring to do so.

  • #49379
     Yababa 
    Participant

    @Jamie.R wrote:

    There are lots ways 0 days,encoding exploits to try bypass virus software and then you have end user who like to click anything you send them.

    However, true. It’s because extreme cautious can cause the average user intense anxiety.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?