since xp is longer being patched by microsoft this should mean its very vulnerable now to remote exploits correct? are there any "zero-day" exploits that work on xp that should be forever available. it seems to me that xp being left in the cold my M$ and that XP still has a pretty large foothold this would be something great if your a hacker. But everything i find just points to netapi or dcom exploits which have been patched therefor any system that has all m$ patches is not vulnerable anymore. Especially if the system has most ports closed. exacmle xp machine with ports 135,139,445 open but all remote exploits are patched some time ago so any system that took updates in the past year are secured. Surely there has to be some remote exploit that will forever pwn an xp box right, or only those elite hackers that found the hole themselves and dont release
Forum Thread: Xp No Longer Patched, Open Exploits?
- Hot
- Active
-
Forum Thread: Whatsapp Hack? 16 Replies
22 hrs ago -
Forum Thread: How to Track Who Is Sms Bombing Me . 4 Replies
2 mo ago -
Forum Thread: Removing Pay-as-You-Go Meter on Loan Phones. 1 Replies
2 mo ago -
Forum Thread: Hydra Syntax Issue Stops After 16 Attempts 3 Replies
2 mo ago -
Forum Thread: moab5.Sh Error While Running Metasploit 17 Replies
3 mo ago -
Forum Thread: Execute Reverse PHP Shell with Metasploit 1 Replies
5 mo ago -
Forum Thread: Install Metasploit Framework in Termux No Root Needed M-Wiz Tool 1 Replies
5 mo ago -
Forum Thread: Hack and Track People's Device Constantly Using TRAPE 35 Replies
6 mo ago -
Forum Thread: When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen. 8 Replies
7 mo ago -
Forum Thread: HACK ANDROID with KALI USING PORT FORWARDING(portmap.io) 12 Replies
7 mo ago -
Forum Thread: Hack Instagram Account Using BruteForce 208 Replies
8 mo ago -
Forum Thread: Metasploit reverse_tcp Handler Problem 47 Replies
9 mo ago -
Forum Thread: How to Train to Be an IT Security Professional (Ethical Hacker) 22 Replies
9 mo ago -
Metasploit Error: Handler Failed to Bind 41 Replies
10 mo ago -
Forum Thread: How to Hack Android Phone Using Same Wifi 21 Replies
10 mo ago -
How to: HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide] 177 Replies
10 mo ago -
How to: Crack Instagram Passwords Using Instainsane 36 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More 5 Replies
10 mo ago -
Forum Thread: How Many Hackers Have Played Watch_Dogs Game Before? 13 Replies
10 mo ago -
Forum Thread: How to Hack an Android Device with Only a Ip Adress 55 Replies
11 mo ago
-
How To: Find Passwords in Exposed Log Files with Google Dorks
-
How To: Find Vulnerable Webcams Across the Globe Using Shodan
-
How To: Crack Password-Protected Microsoft Office Files, Including Word Docs & Excel Spreadsheets
-
How To: Use Kismet to Watch Wi-Fi User Activity Through Walls
-
How To: Spy on Traffic from a Smartphone with Wireshark
-
How To: Dox Anyone
-
How To: Exploit EternalBlue on Windows Server with Metasploit
-
How To: Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
Become an Elite Hacker Part 4: Hacking a Website. [Part 1]
-
How To: Wardrive with the Kali Raspberry Pi to Map Wi-Fi Devices
-
How To: Fix Bidirectional Copy/Paste Issues for Kali Linux Running in VirtualBox
-
How To: Write an XSS Cookie Stealer in JavaScript to Steal Passwords
-
How To: Advanced Techniques to Bypass & Defeat XSS Filters, Part 1
-
How To: Hack Coin-Operated Laudromat Machines for Free Wash & Dry Cycles
-
How To: Crack MD5 Hashes with All of Kali Linux's Default Wordlists
-
How To: Haunt a Computer with SSH
-
How To: Fix Your Overheating, RRoD, or E74 Xbox 360 with Mere Pennies
-
How To: Bypass Windows Passwords Part 1
-
How Null Byte Injections Work: A History of Our Namesake
-
How To: Securely Sniff Wi-Fi Packets with Sniffglue
6 Responses
The OS itself is hardly ever exploited. But a lot of social engineering and msfvenom stuff works great with XP
Frank:
A new RPC, remote code execution exploit was found in the wild just over a month ago that is not patched. The trojan is known as 'Trojan.Gimmiv.A'.
OTW
I have not heard about that one yet. I checked the exploit-db and found nothing.
Apparently, its a repackaged old RPC exploit.
I will look into this. I was kinda wondering the same because a lot of devices still run XP and that is scary.
A lot of devices do run xp still, including embedded devices that you cant really social engineer. Thats what grabbed my interest more and the reason i asked about remote code execution. Seeing as microsoft ended support i figured someone would figure out some remote exploit that in theory would work "forever" now.
You mentioned msfvenom but isnt that really just encoding the payloads to slip past av and firewalls, how would that help against an embedded machine or regular xp box on a lan that you cant social engineer.
Share Your Thoughts