Metasploit vs. Windows 7

Discussion in 'other anti-malware software' started by Gullible Jones, Nov 12, 2013.

Thread Status:
Not open for further replies.
  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    For these tests I'll be using Windows 7 SP1, 32-bit, with all current updates applied. Initial exploits will be via the Firefox XPI social engineering attack. (Just pretend it's a zero-day. :p )

    For now I'm just doing Immunet Protect, because I'm curious whether it's really that bad or just has problems on Windows XP.

    Edit: Immunet can't even start on Win7. Oops! Anyway look forward to some actual tests here.
     
    Last edited: Nov 12, 2013
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Strange, Immunet worked fine on Windows 7 64-bit SP1 for me even with Avast running. Actually, why are you testing 32-bit?
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Because I don't have a copy of 64-bit.
     
  4. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
    At home I use Immunet Plus on my Windows 7 x64 box without any problem.
     
  5. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Hmm... I'll try again I guess. Let's see if I can get this working.
     
  6. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    It worked the second time... strange.

    Immunet Protect 3.0
    Setup:
    - Blocking mode on
    - ClamAV engine and updates on
    - Point Firefox to the fake extension page and click okay

    Results:
    - Exploit succeeds
    - Injection into other processes succeeds
    - UAC bypass fails (Immunet blocks a required executable image :) )
    - User persistence succeeeds
    - getsystem fails (no permissions)
    - Creating fake services fails (no permissions)
    - Service-for-user persistence succeeds
    - Can't steal tokens (but that's because of UAC)
    - All kernel exploits fail (but that's because we're up to date)
    - Keylogging and screenshots work
    - Persistence (as user) is established on reboot

    Comments:
    Immunet still seems to be almost an afterthought here. Even the UAC bypass can be blocked by setting UAC to maximum; as far as I can tell, Immunet is no improvement at all on a properly configured Windows 7 system.
     
  7. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    You know you can get all Windows 7 ISO's for free and use them as a 30 day trial? You don't need to enter a key to update them fully.
     
  8. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    836
    Location:
    Québec, Canada
    Very interesting, thanks.
    Did you try this with the latest MSE too? (v4.4.304 updated yesterday)

    Thanks again!
    François
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    I did just now. :) MSE blocks the XPI exploit completely. I can't say anything further because there are no working vulnerabilities in the database for an up to date Win7 system.
     
  10. tomazyk

    tomazyk Guest

    You would probably have some exploits if you only installed Win7 with SP1 with no additional updates. I believe you used similar setup with WinXp (sp3 with no additional updates)?
     
  11. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    Which is why I keep saying that updates really do matter. :) The recent updates to Windows 7 make far more difference than the AV (or any other security software). Security software can contain the fallout an exploit (sometimes) but patches are the only thing that can make the exploit go away.

    Edit: I may use an outdated Win7 SP1 VM for future tests of stuff like EMET though. We'll see.
     
  12. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,913
    Can you test if there any benefit of EMET on updated Windows 7?
     
  13. taleblou

    taleblou Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    1,166
    same here when I tried to test on my win 7 32bit vm.
     
  14. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,459
    I'm trying to do a comparison right now of Privatefirewall on XP (really bad) vs. 7 (hopefully better), but 7's native defenses are really skewing things. 20+ different browser exploits tried so far, including recent Java exploits, and not one of them has worked. I'll probably have to deliberately install something outdated to get this done.
     
Loading...
Thread Status:
Not open for further replies.