Security Basics mailing list archives
Re: Win XP SP2 Pentest
From: krymson () gmail com
Date: 29 Nov 2006 15:29:08 -0000
Both of those vulnerabilities (MSO4-011 and MS03-026) were patched by the time SP2 was released. You'll need to pick a more recent vulnerability. Of note, XP SP2 was released in Q3 2004. Microsoft security bulletins are named by their year. MS04-011 was the 11th bulletin of 2004, and so on. That can give you a quick clue on whether they're likely to be patched or not (MS06 is 2006). If you have access to the system, especially if you can scan it using an admin account, I recommend using MBSA or Nessus to evaluate whether the system is lacking some patches or has some open vulns that match exploits in Metasploit's list. Always be careful running Nessus against live, production servers, however. It can lock up the system or services. Hi all, I have been trying to conduct a pentest against WinXP pro SP2 hosts using Metaspoit 2.7 Unfortunately none of the exploits would work (msrpc_dcom_ms03_026,Microsoft LSASS MSO4-011 Overflow) I have disable the firewall as well. Would be grateful for any pointers. Thanks Suranjith
Current thread:
- Win XP SP2 Pentest pentestpro (Nov 29)
- <Possible follow-ups>
- Re: Win XP SP2 Pentest krymson (Nov 30)
- Re: Win XP SP2 Pentest null (Nov 30)