Friday, January 10, 2014

pwn Windows 2008 R2 server and Windows 7 with metasploit

Read full details here: (DOS) Denial-of-Service attack on Windows 2008 R2 server and Windows 7 with Metasploit on Kali Linux
Most of the published hacks using Metasploit talk about Windows XP, Windows Server 2003 and older versions of Windows, which are slowly being phased out. More and more people are running Windows 7 as their desktop operating system and Windows Server 2008 R2 for corporate workloads. The purpose of this guide is to show how a simple SMB infinite-loop vulnerability can be used to crash Windows Server 2008 R2 and Windows 7, i.e. a (DOS) Denial-of-service attack, using Metasploit. I’ve tested this with a fresh Windows 7 install (no patches or service packs) and Windows Server 2008 R2 (no patches or service packs), and in both cases the machine stopped responding completely. You don’t even get to click anything. The only way I could get back into Windows was a hard reset (hold the power key and reboot).


Now, the main caveat is that most people plug their Windows 7 machine into the Internet and install patches and service packs. But many, many organizations lock down servers that have no Internet connectivity, or stop them from updating because some updates require a reboot, and in a production environment rebooting a critical server might cause a service interruption. The way I understand it, if you don’t make the time to patch your servers and desktops, you are leaving them exposed and wide open; in other words, you’re inviting remote attacks on your vulnerable systems.

(DOS) Denial-of-service attack on Windows 2008 R2 server and Windows 7 with Metasploit

In this guide, I will demonstrate how to exploit Windows 7 and perform a (DOS) Denial-of-service attack on a Windows Server 2008 R2 machine that hasn’t applied the MS10-006 patch (Vulnerabilities in SMB Client Could Allow Remote Code Execution, 978251). According to Microsoft, this affects the following unpatched systems:
  • Microsoft Windows 2000,
  • Windows XP,
  • Windows Server 2003,
  • Windows 7, and
  • Windows Server 2008 R2,
It is rated Important for
  • Windows Vista and
  • Windows Server 2008
WOHAA, that’s like everything except Windows NT, ME, 95 and 3.1! So if your target hasn’t patched this long-standing issue, maybe they should get a taste of it.
This vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server. More of the technical detail is in the Microsoft bulletin: MS10-006
If your target is Windows 2003, check the (DOS) Denial-of-service attack on Windows 2003 with Metasploit guide instead. If you have trouble starting Metasploit, or want it to start at boot (often a good idea when you’re using it heavily), you might also read the start Metasploit framework guide.
If you’re not familiar with Metasploit, read the first section of the (DOS) Denial-of-service attack on Windows 2003 with Metasploit guide. It is a particularly good one, as it explains what Metasploit is and how you can use it efficiently.
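Before going further, it is worth knowing which side of this bulletin a host is on. The following PowerShell audit is an added example and not code from the original post: it reports whether a Windows 7 / Server 2008 R2 host is in scope for MS10-006, whether the KB978251 fix is installed, and whether the host firewall already blocks outbound TCP 445 (the bug is in the SMB client, so the victim has to connect out to a hostile server, and an egress block removes that path). The KB number and the affected-version list come from the bulletin quoted above; the function name, the firewall check and the assumption that netsh prints English field names are this script’s own.

```powershell
# Added example, not code from the original post: audit a Windows 7 /
# Server 2008 R2 host for the MS10-006 fix and for an SMB egress block.
# KB978251 and the affected-version list come from the bulletin quoted
# above; the function name and the firewall check are this script's own.

function Get-Ms10006Status {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    # Kernel versions: 2000 = 5.0, XP = 5.1, 2003 = 5.2, Vista/2008 = 6.0,
    # 7 / 2008 R2 = 6.1. Anything else is outside the bulletin's scope.
    $major = ($os.Version -split '\.')[0..1] -join '.'
    $inScope = @('5.0', '5.1', '5.2', '6.0', '6.1') -contains $major

    # Get-HotFix lists installed updates; asking for an ID that is not
    # installed raises an error, so a caught error means the fix is missing.
    $patched = $false
    try {
        $null = Get-HotFix -Id 'KB978251' -ErrorAction Stop
        $patched = $true
    } catch { }

    # The flaw is in the SMB *client*: the victim must open a connection to a
    # hostile server. An enabled outbound Block rule on TCP 445 closes that
    # path, so look for one in the host firewall (assumes English netsh output).
    $egressBlocked = $false
    $rules = (netsh advfirewall firewall show rule name=all dir=out | Out-String) -split 'Rule Name:'
    foreach ($r in $rules) {
        if ($r -match 'Enabled:\s+Yes' -and $r -match 'Protocol:\s+TCP' -and
            $r -match 'RemotePort:\s+\S*\b445\b' -and $r -match 'Action:\s+Block') {
            $egressBlocked = $true
        }
    }

    New-Object PSObject -Property @{
        OSVersion        = $os.Version
        InScope          = $inScope
        KB978251         = $patched
        SmbEgressBlocked = $egressBlocked
        Exposed          = ($inScope -and -not $patched -and -not $egressBlocked)
    }
}

$status = Get-Ms10006Status
$status | Format-List
if ($status.Exposed) {
    Write-Warning 'In scope for MS10-006, KB978251 missing and SMB egress open: install the update or block outbound TCP 445.'
}
```

A host-level egress rule is a stopgap; the same block at the network perimeter covers hosts that cannot be rebooted for the update.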
Now let’s start with the guide.

Start msfconsole

If you don’t have PostgreSQL and Metasploit running already, you need to start them. I suggest you simply enable PostgreSQL and the Metasploit framework at start-up so that you don’t have to type the same commands over and over again. As you can see I am running Kali Linux (v1.0.6), and the following is how you start Metasploit from the command line.
root@kali:~# service postgresql start
[ ok ] Starting PostgreSQL 9.1 database server: main.
root@kali:~# service metasploits start
[ ok ] Starting Metasploits rpc server: prosvc.
[ ok ] Starting Metasploits web server: thin.
[ ok ] Starting Metasploits worker: worker.


Read the rest of it here: (DOS) Denial-of-Service attack on Windows 2008 R2 server and Windows 7 with Metasploit on Kali Linux
