Forum Thread: Is It Really Possible to Exploit Windows 7/8/10?

Every day, it seems to me that hacking is getting harder. OSs are getting harder to exploit, and resources are hard to find. Most of the resources I stumble on are outdated.

So is it really possible to exploit modern OSs? And are there good up-to-date resources for someone wishing to deepen his knowledge?

14 Responses

Yeah, all you need is to find a good exploit: www.exploit-db.com

Just to clarify, I wasn't meaning to be condescending. Your answer was correct, you can lift an exploit from exploit-db; I was simply adding to that. I know that many noobs hear 'Windows 7 is hackable', so they get all excited because their target is Windows 7. But then they realize that the exploits that exist for it aren't usable against their target because the applicable ports are closed.

Well, technically it depends on what ports are open. Even if the target is running Windows 7 and an exploit exists, that doesn't mean it's going to work if the port needed by the exploit isn't open on your target. Yes, OSs are getting harder, but other attack vectors have become available. Exploiting a weakness in their auth mechanism or password policy, or in a web app, outdated software, XSS, CSRF, SQLi, etc. are going to be the most common (barring some form of social engineering). See OWASP's Top 10. Those are the puppies you're gonna be focused on finding.

Saying that "it depends on the port" is a wrong statement. It depends on whether the service running on that port is vulnerable or not. An open port doesn't mean exploitation, it means communication.

-Phoenix750

No shit, Sherlock. There wouldn't be an exploit for it if it weren't vulnerable. I don't think you understand. If IIS6 is vulnerable because of its FTP server, the FTP port needs to be open. You may know a lot about code, but some of the answers you've given on here are farrrrrr from correct or are only intended to be condescending. Your 14 yo age is quite apparent; talk to me when you're old enough to buy booze, or hell, even cigarettes. I know this is going to BLOW your mind, but you don't know everything and aren't the go-to expert on Null Byte. Now go ahead and downvote all my posts.

1.) I'm 17, not 14.

2.) If what you meant is that the service is vulnerable (which I initially tried to point out), then why not just say "it depends on the services that are running" and not be that confusing?

3.) The hilarious irony in your comment is that I actually know few programming languages (maybe some C++, but that's it).

And you don't like how I try to help in Null Byte's growth? That's okay, I have no need for your respect, or anything else you could possibly "offer" me.

I answer questions to assist in Null Byte's growth and to lead the neophytes in the right direction. If you believe I am holding back Null Byte's growth or that I am giving out false information, then by all means, talk to OTW.

-Phoenix750

Phoenix knows what he is talking about. His age doesn't mean anything. Mendax, the original, was only 17 when he broke into NASA.

There is no need to use derogatory language. We are all here to learn and help others learn in a safe and cordial environment.

If we, as a community, are seen as discourteous and negligent people, we will hit rock bottom before you know it.

TRT

You could have the most secure OS ever made and there would still be an exploit. Humans have a tendency to think that they can make something better, but by doing that, they make an exploit. Never stop scanning, never stop social engineering, never stop trying. Where there is a will, there is a way.

Good point. We often tend to forget that we are imperfect beings and we all make mistakes at some point, and thus it is impossible for humans to create perfect things.

A good example would be the Enigma machine used by Nazi Germany during WWII: it was seen as an uncrackable algorithm for 20 years, until the Allies were successful in cracking it. Today it is seen as a worthless algorithm. Perhaps the same fate awaits AES?

-Phoenix750

A lot of resources online use older OSs in their examples (XP), but that doesn't mean more modern OSs aren't vulnerable too. It just makes the example easier for people to follow along. They have certainly stepped up security consciousness with newer OSs over the years, but as said above, no one is perfect and there are always issues. I have never in all my years of experience heard of an OS that wasn't vulnerable.

Even with all the security awareness in modern OSs, there are all kinds of people developing services and programs and such for these OSs. These applications can have vulnerabilities we can take advantage of as well.

As for the above comments (without getting into the boxing ring here), just clarifying so we can understand: you have to have a vulnerable service, program or application running, with the appropriate port open on the system, in order to exploit it. For example, I can have a vulnerable service running, but if the firewall blocks the ports there may not be much you can do to exploit it. Also, I can have a port open on the firewall but nothing running that uses that port. Again, there may not be much you can do.

Thanks for all the answers!

Can anyone link some up-to-date material? Because really, the XP stuff is getting useless. For example, I was trying port scanning on Windows 7 with nmap, and HELL! Even after reading The Fat-free Guide to Network Scanning, I couldn't do much. All I got were filtered ports. Not a good start.

Also, I heard that there are no more exploits in modern OSs that don't require user interaction. Is that true?

Is windows firewall enabled?

And that is mostly true. Most vulnerabilities in modern OSs aren't caused by the OS itself, but by the services running on them. Though sometimes there are exceptions (like ShellShock some time ago).

-Phoenix750
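The point made earlier in the thread, that a service has to be both vulnerable and reachable through the firewall, and the follow-up question of whether Windows Firewall is why the OP's scan shows only filtered ports (nmap reports "filtered" when probes get no answer, which is exactly what a default-deny inbound firewall produces), can be checked from the host's own side. The PowerShell below is an added example written for this thread, not code from any poster. It assumes Windows 8 / Server 2012 or later (the NetSecurity and NetTCPIP modules), an elevated shell, and defines its own helper, Test-PortCovered, which is not a built-in cmdlet.

```powershell
# Added example (not code from this thread): host-side audit of which listening
# TCP services are actually reachable through Windows Firewall. Assumes Windows 8 /
# Server 2012 or later (NetSecurity and NetTCPIP modules) and an elevated shell.

# Firewall state per profile. Enabled profiles with DefaultInboundAction = Block
# are what make a remote scanner report "filtered" for every port no allow rule covers.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize

# Every listening TCP socket and the process that owns it.
$listeners = Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, OwningProcess -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = [int]$_.LocalPort
            Process      = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
        }
    }

# Enabled inbound allow rules, expanded to the port specs they open.
# LocalPort on a port filter is 'Any', a single port, a range 'a-b', or an array of those.
$allowed = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $rule | Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -in 'TCP', 'Any' } |
            ForEach-Object {
                foreach ($spec in @($_.LocalPort)) {
                    [pscustomobject]@{ Rule = $rule.DisplayName; Spec = [string]$spec }
                }
            }
    }

# Hypothetical helper (defined here, not a built-in cmdlet): does a port spec cover a port?
function Test-PortCovered {
    param([int]$Port, [string]$Spec)
    if ($Spec -eq 'Any') { return $true }
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Spec -eq [string]$Port)
}

# Join listeners against allow rules. Exposed = some enabled allow rule covers the port;
# a listener with Exposed = False is what a remote scan shows as "filtered".
$report = foreach ($l in $listeners) {
    $rules = $allowed |
        Where-Object { Test-PortCovered -Port $l.LocalPort -Spec $_.Spec } |
        Select-Object -ExpandProperty Rule -Unique
    [pscustomobject]@{
        Port    = $l.LocalPort
        Bind    = $l.LocalAddress
        Process = $l.Process
        Exposed = [bool]$rules
        Rules   = ($rules -join '; ')
    }
}
$report | Sort-Object Port, Bind | Format-Table -AutoSize
```

Read the output as the host's view of the "vulnerable service plus open port" condition: a listener bound to 0.0.0.0 or :: with Exposed = True is the combination a scanner will see as open, a listener with Exposed = False is running but shielded by the firewall, and an allow rule whose port has no listener is the "port open, nothing behind it" case from the post above. Two simplifications to keep in mind: the script does not evaluate rule scope (program, remote address, interface or profile restrictions), so a rule it reports as covering a port may still not apply to a given remote host, and it does not expand the special port keywords some built-in rules use (such as the RPC dynamic-port keywords), so those listeners can show as Exposed = False when a keyword rule actually covers them.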

"no more exploits in modern OSes that doesn't require user-interaction"

That applies only if you are talking about network vulnerabilities. There are also those that are uncovered with physical access. This requires no remote user interaction when all the attacker needs to do is be present.

And even with networks, you have DNS spoofing to redirect legitimate sites to a malicious link that exploits a browser vulnerability. There is also CVE-2015-6131, which allows Remote Code Execution (RCE) by falsifying an .mcl file as an HTML document. This is bare minimum interaction to none at all.

As expected, though, the number of zero-days discovered has been diminishing overall. This is no surprise as, in recent times, the technology world has become centred around security. Exploits that require no user interaction in the most recent OS versions are small in number, but they exist, subsisting.

TRT
