Windows Exploitation

Windows Vulnerabilities

Windows is a prime target for attackers given its popularity and the size of its attack surface.

Exploits for many Windows vulnerabilities are publicly available, which makes them simple to use once a vulnerable version has been identified.

  • The attack surface is fragmented: it depends on the Windows version and on the roles and features installed on the host.

  • The older the Windows version, the more vulnerable it is: fewer exploit mitigations are present and more public exploits apply to it.

  • All Windows versions share weaknesses that come from the same development model:

    • Large parts of the OS are written in C and C++, which leads to memory corruption bugs (buffer overflows and similar) and arbitrary code execution.

    • Default installations are not hardened; security baselines must be applied and maintained systematically by the organisation.

    • Patching by Microsoft is not immediate, and versions that are out of support receive no patches at all.

  • To name a few, Windows XP, 7, Server 2008 and Server 2012 are still used by many companies and are largely vulnerable, leaving those systems open to new attack vectors.

    • Cross-platform vulnerabilities also apply, e.g. SQL injection and cross-site scripting in web applications hosted on IIS.

  • Physical attacks, e.g. malicious USB drives, theft of devices, etc.

Windows Exploitation

Windows ships with a number of native services and protocols that may or may not be enabled on a given host. When one is active and reachable, it gives an attacker an access vector, so enumerating which of them answer is the first step of Windows exploitation.

| Protocol/Service | Ports | Purpose |
| --- | --- | --- |
| Microsoft IIS (Internet Information Services) | TCP 80/443 | Microsoft's web server for Windows, hosting web applications |
| WebDAV (Web Distributed Authoring and Versioning) | TCP 80/443 (an IIS extension, same ports as the web server) | HTTP extension that lets clients copy, move, delete and update files on a web server; used to make a web server act as a file server |
| SMB/CIFS (Server Message Block) | TCP 445 (direct), or TCP 139 on top of NetBIOS (UDP 137/138 for NetBIOS name and datagram services) | Network file and printer sharing between computers on a local network (LAN); also carries remote administration traffic over named pipes |
| RDP (Remote Desktop Protocol) | TCP 3389 (UDP 3389 is also used) | GUI remote access protocol used to authenticate to and interact with a Windows desktop remotely (disabled by default) |
| WinRM (Windows Remote Management) | TCP 5985 (HTTP) / TCP 5986 (HTTPS) | Microsoft's implementation of WS-Management, used for remote administration and remote command execution (PowerShell Remoting) |
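The services in the table are normally found with a port scan and then fingerprinted one by one. The script below is an added example, not code from the original notes: it checks the listed ports with TCP connect attempts and, for 80/443, sends an OPTIONS request so that IIS can be recognised from the Server header and WebDAV from the DAV/Allow headers. The sample response and the lab address in it are constructed, and an open port only means the service answered, not that it is vulnerable. Run it only against hosts you are authorised to test.

```python
import socket
import ssl
import sys
from typing import Dict, Optional

# Ports from the table above. WinRM listens on 5985 (HTTP) and 5986 (HTTPS).
WINDOWS_SERVICES = {
    80: "IIS / WebDAV (HTTP)", 443: "IIS / WebDAV (HTTPS)",
    139: "SMB over NetBIOS session service", 445: "SMB (direct over TCP)",
    3389: "RDP", 5985: "WinRM (HTTP)", 5986: "WinRM (HTTPS)",
}
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample of an OPTIONS response from IIS with WebDAV enabled (not
# captured from a real host); used by the offline demo in __main__.
SAMPLE_IIS_WEBDAV_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/10.0\r\n"
    b"Allow: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, "
    b"PUT, DELETE, COPY, MOVE, LOCK, UNLOCK\r\n"
    b"DAV: 1,2,3\r\nContent-Length: 0\r\n\r\n"
)

def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True when a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_options(host: str, port: int, use_tls: bool, timeout: float = 3.0) -> bytes:
    """Send 'OPTIONS /' and return the raw response; IIS answers it with DAV/Allow
    headers when WebDAV is on, so no file on the server is touched."""
    request = (f"OPTIONS / HTTP/1.1\r\nHost: {host}\r\n"
               "User-Agent: probe\r\nConnection: close\r\n\r\n").encode()
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if use_tls:
            ctx = ssl.create_default_context()
            ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # lab certs
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(request)
        resp = b""
        while chunk := sock.recv(4096):
            resp += chunk
        return resp
    finally:
        sock.close()

def parse_http_headers(raw: bytes) -> Dict[str, str]:
    """Parse status line and headers into a dict keyed by lower-cased name (repeats joined)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", errors="replace").split("\r\n")
    headers = {"status-line": lines[0]}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers

def iis_version(headers: Dict[str, str]) -> Optional[str]:
    """Return the version from 'Server: Microsoft-IIS/x.y', or None if it is not IIS."""
    server = headers.get("server", "")
    return server.split("/", 1)[1] if server.lower().startswith("microsoft-iis/") else None

def webdav_enabled(headers: Dict[str, str]) -> bool:
    """WebDAV counts as enabled if a DAV header is present or Allow/Public lists a WebDAV method."""
    if "dav" in headers:
        return True
    advertised = headers.get("allow", "") + "," + headers.get("public", "")
    methods = {m.strip().upper() for m in advertised.split(",") if m.strip()}
    return bool(methods & WEBDAV_METHODS)

def describe_http(headers: Dict[str, str], base: str) -> str:
    """Extend a service description with the Server header, IIS version and WebDAV status."""
    detail = f"{base}, Server={headers.get('server', '?')}"
    version = iis_version(headers)
    if version:
        detail += f", IIS {version}"
    if webdav_enabled(headers):
        detail += ", WebDAV enabled"
    return detail

def probe(host: str) -> Dict[int, str]:
    """Connect to every port in WINDOWS_SERVICES and describe what answered."""
    findings = {}
    for port, name in WINDOWS_SERVICES.items():
        if not tcp_open(host, port):
            continue
        if port in (80, 443):
            try:
                hdrs = parse_http_headers(http_options(host, port, use_tls=(port == 443)))
                name = describe_http(hdrs, name)
            except OSError as exc:              # ssl.SSLError is an OSError subclass
                name += f" (OPTIONS failed: {exc})"
        findings[port] = name
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # live probe: python win_services.py <host>
        for port, detail in sorted(probe(sys.argv[1]).items()):
            print(f"{port:>5}/tcp  {detail}")
    else:                                       # offline demo on the constructed sample
        print(describe_http(parse_http_headers(SAMPLE_IIS_WEBDAV_RESPONSE), "IIS / WebDAV (HTTP)"))
```

Without an argument the script only parses the constructed sample, so it runs offline; with a host it performs the live checks. A closed port is reported as absent rather than as an error, and a TLS handshake failure on 443 is reported next to the port instead of aborting the whole probe.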
