Forum Thread: Is It Really Possible to Exploit Windows 7/8/10?

Every day, it seems to me that hacking is getting harder. OSs are getting harder to exploit, and resources are hard to find. Most of the resources I stumble on are outdated.

So is it really possible to exploit modern OSs? And are there good up-to-date resources for someone wishing to deepen his knowledge?

7 Responses

Yeah, all you need is to find a good exploit: www.exploit-db.com

Just to clarify, I wasn't meaning to be condescending; your answer was correct: you can lift an exploit from Exploit-DB. I was simply adding to that. I know that many noobs hear 'Windows 7 is hackable', so they get all excited 'cause their target is Windows 7. But then they realize that the exploits that exist for it aren't available on their target because the applicable ports are closed.

Well, technically it depends on what ports are open. Even if you're running Windows 7 and an exploit exists, that doesn't mean it's going to work if the port needed in the exploit isn't open on your target. Yes, OSs are getting harder, but other attack vectors have become available. Exploiting a weakness in their auth mechanism or password policy or in a web app, outdated software, XSS, CSRF, SQLi, etc. are going to be the most common (barring some form of social engineering). See OWASP's Top 10. Those are the puppies you're gonna be focused on finding.

You could have the most secure OS ever made and there would still be an exploit. Humans have a tendency to think that they can make something better, but by doing that, they make an exploit. Never stop scanning, never stop social engineering, never stop trying. Where there is a will, there is a way.

A lot of resources online are using older OSs in their examples (XP), but that doesn't mean more modern OSs aren't vulnerable too. It just makes the example easier for people to follow along. They have certainly stepped up security consciousness with newer OSs over the years, but like said above, no one is perfect and there are always issues. I have never in all my years of experience heard of an OS that wasn't vulnerable.

Even with all the security awareness in modern OSs, there are all kinds of people developing services and programs and such for these OSs. These applications can have vulnerabilities we can take advantage of as well.

As for the above comments (without getting into the boxing ring here), just clarifying so we can understand: you have to have a vulnerable service, program or application running with the appropriate port open on the system in order to exploit it. For example, I can have a vulnerable service running, but if the firewall blocks the ports there may not be much you can do to exploit it. Also, I can have a port open on the firewall but nothing running that uses that port. Again, there may not be much you can do.
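The two cases described in the post above (a service running behind a blocking firewall, and an allowed port with nothing listening on it), as an added example that is not part of the original thread: a small host exposure audit a defender could run over their own listener and firewall inventory. The data model, names and sample entries are constructed assumptions, and a default-deny inbound policy is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Listener:          # hypothetical record for one listening socket
    proto: str           # "tcp" or "udp"
    bind: str            # address the service is bound to
    port: int
    name: str

@dataclass(frozen=True)
class AllowRule:         # hypothetical inbound allow rule (default policy: deny)
    proto: str
    first: int           # inclusive port range
    last: int
    label: str

    def matches(self, proto, port):
        return proto == self.proto and self.first <= port <= self.last

LOOPBACK = ("127.", "::1")

def audit(listeners, rules):
    """Split services into exposed / shielded / local-only and flag unused rules."""
    exposed, shielded, local_only, used = [], [], [], set()
    for svc in listeners:
        if svc.bind.startswith(LOOPBACK):
            local_only.append(svc.name)   # never reachable from the network
            continue
        hits = [r for r in rules if r.matches(svc.proto, svc.port)]
        used.update(hits)
        (exposed if hits else shielded).append(svc.name)
    # A rule that admits traffic to no reachable listener is attack surface
    # waiting for a future service: a candidate for removal.
    stale = [r.label for r in rules if r not in used]
    return {"exposed": exposed, "shielded": shielded,
            "local_only": local_only, "stale_rules": stale}

# Constructed sample inventory, not taken from any real host.
LISTENERS = [
    Listener("tcp", "0.0.0.0", 445, "file-sharing"),
    Listener("tcp", "0.0.0.0", 3389, "remote-desktop"),
    Listener("tcp", "127.0.0.1", 5432, "local-db"),
    Listener("udp", "0.0.0.0", 5353, "mdns"),
]
RULES = [
    AllowRule("tcp", 3389, 3389, "allow-rdp"),
    AllowRule("tcp", 8000, 8100, "allow-dev-web"),
    AllowRule("tcp", 5432, 5432, "allow-db"),
]

if __name__ == "__main__":
    for category, names in audit(LISTENERS, RULES).items():
        print(f"{category}: {names}")
```

Only the `exposed` entries need patching urgency driven by network reachability; `stale_rules` are the firewall openings to close before something starts listening behind them.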

Thanks for all the answers!

Can anyone link some up-to-date material? 'Cause really, the XP stuff is really getting useless. For example, I was trying port scanning on Windows 7 with nmap, and HELL! Even after reading The Fat-free Guide to Network Scanning, I could do much. All I got were filtered ports. Not a good start.

Also, I heard that there are no more exploits in modern OSs that don't require user interaction. Is that true?

"no more exploits in modern OSes that doesn't require user-interaction"

That applies only if you are talking about network vulnerabilities. There are also those that are uncovered with physical access. This requires no remote user interaction when all the attacker needs to do is be present.

And even with networks, you have DNS spoofing to redirect legitimate sites to a malicious link that exploits a browser vulnerability. There is also CVE-2015-6131, which allows Remote Code Execution (RCE) by falsifying an .mcl file as an HTML document. This is bare minimum interaction to none at all.

As expected, though, the number of zero-days discovered has been diminishing overall. This is no surprise as, in recent times, the technology world has become centred around security. Exploits that require no user interaction in most recent OS versions are small in numbers, but they exist, subsisting.

TRT
