Hacking Windows — Ethical Hacking as a Beginner [13]

Bhavyansh @ DiversePixel
1 min read · Apr 30, 2024

In this article let’s see some of the vulnerabilities that were discovered in Windows machines.

Understanding SMB Protocol

The Server Message Block (SMB) protocol, operating over ports 139 and 445, is a cornerstone of Windows networking. By default, these ports are open, presenting an entry point for potential attackers. One infamous exploit targeting SMB is the EternalBlue attack.

The EternalBlue Exploit

EternalBlue exploits a mathematical error in the SMB protocol, allowing attackers to execute arbitrary code remotely without authentication. With tools like Metasploit, ethical hackers can assess whether a target is vulnerable. In msfconsole, one can load the MS17-010 scanner module (use auxiliary/scanner/smb/smb_ms17_010) and run it against a target machine. Subsequently, the exploit/windows/smb/ms17_010_eternalblue module can be used to launch the attack.

DoublePulsar and SMBGhost Exploitation

Similar to EternalBlue, the DoublePulsar and SMBGhost (CVE-2020-0796) exploits target vulnerabilities in the SMB protocol. Ethical hackers can use analogous methods to assess and exploit these vulnerabilities, employing tools such as Metasploit for reconnaissance and execution.

BlueKeep Vulnerability

Another critical vulnerability in Windows systems is BlueKeep (CVE-2019-0708), affecting the Remote Desktop Protocol (RDP) on port 3389. To ethically assess and exploit this vulnerability, one can use Metasploit to scan for susceptible targets (auxiliary/scanner/rdp/cve_2019_0708_bluekeep) and subsequently execute the exploit (exploit/windows/rdp/cve_2019_0708_bluekeep).

These are the most (in)famous Windows exploits, all of which were patched in subsequent releases. We now know why regularly updating Windows and keeping the firewall turned on is important.

Check for yourself and stay protected!
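One way to check for yourself, as an added example that is not part of the original article: the Python below reads Windows Firewall log lines and reports inbound connections the firewall allowed to the SMB and RDP ports discussed above from outside the local network. It assumes logging of allowed connections is enabled in the firewall; the sample log lines, the internal address ranges and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the article: SMB on 139/445, RDP on 3389.
WATCHED_PORTS = {139: "SMB", 445: "SMB", 3389: "RDP"}
# Assumption: ranges this site treats as internal; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample lines in the Windows Firewall log (pfirewall.log) layout.
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-04-30 10:01:12 ALLOW TCP 192.168.1.20 192.168.1.10 50122 445 0 - 0 0 0 - - - RECEIVE
2024-04-30 10:02:40 ALLOW TCP 203.0.113.77 192.168.1.10 41822 445 0 - 0 0 0 - - - RECEIVE
2024-04-30 10:03:05 DROP TCP 198.51.100.9 192.168.1.10 52311 3389 60 S 1234 0 8192 - - - RECEIVE
2024-04-30 10:04:18 ALLOW TCP 198.51.100.9 192.168.1.10 52340 3389 0 - 0 0 0 - - - RECEIVE
2024-04-30 10:05:00 ALLOW TCP 192.168.1.10 203.0.113.5 49800 443 0 - 0 0 0 - - - SEND
"""

def is_internal(addr):
    """True if addr falls inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def exposed_connections(log_text):
    """Return (timestamp, src-ip, port, service) for allowed inbound hits from outside."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names follow the marker
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        try:
            port = int(row["dst-port"])
            external = not is_internal(row["src-ip"])
        except (KeyError, ValueError):
            continue                    # e.g. ICMP rows carry "-" as the port
        inbound_allow = (row.get("action"), row.get("protocol"),
                         row.get("path")) == ("ALLOW", "TCP", "RECEIVE")
        if inbound_allow and external and port in WATCHED_PORTS:
            findings.append((f"{row.get('date')} {row.get('time')}", row["src-ip"],
                             port, WATCHED_PORTS[port]))
    return findings

if __name__ == "__main__":
    print(*exposed_connections(SAMPLE_LOG), sep="\n")
```

Any line it reports means the port was reachable from an address outside the listed internal ranges, which is the exposure the firewall advice above is meant to prevent.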
