Remote Code Execution

<<

VictorM

Newbie

Posts: 2

Joined: Mon Aug 27, 2012 9:58 pm

Post Mon Aug 27, 2012 10:09 pm

Remote Code Execution

Hello everyone.

I was hoping the fine folks here might be able to answer a question about understanding how remote code exploits work. Assuming that the machine is running Windows XP/Vista/7 on an x86 platform with all service packs, patches and updates, with no TCP/IP services and no server applications running, then how can it be possible to take advantage of such a box remotely? Then is it possible that a zero day exploit would be needed in order to access this typical box?

Please note that I have no interest nor intentions in hacking into anyone's box but would like to understand the logic behind how remote code exploits work...

Thanks in advance

VictorM
<<

S3curityM0nkey

Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Mon Aug 27, 2012 11:07 pm

Re: Remote Code Execution

Even if you are not running any other services (such as a web server or FTP server), you still have the built-in Microsoft services and applications running. Take for example MS08-067: this issue allowed an attacker to take advantage of the way that the Server service handles RPC requests. The attacker was able to execute code on the remote PC by exploiting this flaw.

This issue was patched a long time ago so shouldn't be an issue anymore. To take advantage of a PC like the one you are talking about, most of the time it would take a Zero Day or for the machine to be missing a critical patch.

If you have a quick google you will find heaps of examples of how this is done.
Last edited by S3curityM0nkey on Mon Aug 27, 2012 11:15 pm, edited 1 time in total.
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Aug 27, 2012 11:33 pm

Re: Remote Code Execution

0 day in the OS or an exploit/0 day in third party software that exposes a service.
<<

shadowzero

Full Member

Posts: 120

Joined: Sat Jun 02, 2012 10:03 pm

Post Mon Aug 27, 2012 11:43 pm

Re: Remote Code Execution

Doesn't even have to be server software. A vulnerable music player can load a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there's the chance that something installed is vulnerable to something.
<<

S3curityM0nkey

Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Mon Aug 27, 2012 11:45 pm

Re: Remote Code Execution

Could be a flaw in IE... so so many ways....
<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Aug 28, 2012 2:31 am

Re: Remote Code Execution

There are lots of ways: 0 days, encoding exploits to try to bypass virus software, and then you have end users who like to click anything you send them.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

VictorM

Newbie

Posts: 2

Joined: Mon Aug 27, 2012 9:58 pm

Post Tue Aug 28, 2012 6:52 pm

Re: Remote Code Execution

@To All: thanks for the helpful replies. I also gave some thought to Zero Day exploits that might still exist which have yet to be published and patched.

Appreciate the replies.

Victor
<<

jjwinter

Jr. Member

Posts: 80

Joined: Mon Mar 05, 2012 10:33 pm

Post Fri Aug 31, 2012 8:52 am

Re: Remote Code Execution

From what I've been reading, many exploits are the result of getting the user to click your infected site and take advantage of a browser flaw, Java exploit, Flash Player, PDF reader... As shadowzero said, no one runs vanilla Windows with no third party apps installed. Just might take some Social Engineering.
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Tue Sep 04, 2012 3:41 am

Re: Remote Code Execution

All of the patches, updates and service packs can help you to improve security, but it doesn't mean you're completely secure. For example, if you installed Adobe Reader, you can create an infected PDF file using Metasploit, send it to the target and get some access, but maybe you'll get an error or failure. It depends on many things; the security world is so complex.
ICS Academy Network Security Certified
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Tue Sep 04, 2012 3:50 am

Re: Remote Code Execution

I missed something. Maybe you can use some IE vulnerabilities or other programs, but keep in mind there is always a way, and practice is the key to everything.
ICS Academy Network Security Certified
<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Sep 04, 2012 7:32 am

Re: Remote Code Execution

There are lots of ways; client-side attacks are most common: here's an email, please click my link. You can also use Metasploit to try to encode and make an EXE or PDF. Then you have the Social-Engineer Toolkit, which mainly focuses on client-side attacks.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Wed Sep 05, 2012 12:33 pm

Re: Remote Code Execution

I agree with Jamie.R. Man, nothing in the security world is static; you can't say "OK, this computer is updated and patched, so no one can break into it." There is always a way.
ICS Academy Network Security Certified
<<

sh4d0wmanPP

Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Thu Sep 06, 2012 6:17 am

Re: Remote Code Execution

This is one of the reasons why a risk analysis and defense in depth are so important. Focus your security efforts on the most important assets and understand that even then there will still be a way for a determined attacker to get what they want. Your best bet is to secure them so well that the time and money required for a successful attack is not worth what they are after.

However, if you are a high profile target like a government agency or army, all bets are off....
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Sep 07, 2012 4:04 am

Re: Remote Code Execution

It's correct.
ICS Academy Network Security Certified
<<

Yababa

Newbie

Posts: 5

Joined: Thu Oct 10, 2013 12:23 pm

Location: New York

Post Sun Oct 13, 2013 11:06 am

Re: Remote Code Execution

shadowzero wrote: Doesn't even have to be server software. A vulnerable music player can load a specially crafted MP3 file, which in turn executes code and opens a backdoor to the computer. Almost everyone installs third party software, so there's the chance that something installed is vulnerable to something.

This is true. It doesn't always have to occur remotely. However, it may appear more attractive and alluring to do so.
A+ | Network+ | Security+ |

CCCENT | Linux+ | CCNA

C|EH | eCCPT | eWPT


GPEN | GSEC | GCFW | GCFA | GSLA