28.Windows Desktop Versions

Windows 7 Enumeration

systeminfo
python2.7 windows-exploit-suggester.py --update
python2.7 windows-exploit-suggester.py --database <database_file>.xls --systeminfo <systeminfo_file>.txt

PowerShell (MS16-032)

powershell.exe -ExecutionPolicy Bypass -Scope Process
Import-Module .\Invoke-MS16-032.ps1
Invoke-MS16-032

Meterpreter (Local Exploit Suggester)

use post/multi/recon/local_exploit_suggester
set SESSION <session_id>
exploit

Key Points:

• EOL Status:

  • Windows 7 reached its end-of-life on January 14, 2020.

• Security Differences:

  • Windows 7 lacks many security features present in Windows 10 (e.g., Microsoft Passport/MFA, Credential Guard, Device Guard, Control Flow Guard).

• Prevalence:

  • Despite being EOL, Windows 7 remains in use in numerous organizations.

  • It is important to understand why the client might still have these systems.

• Penetration Testing Considerations:

  • Context is crucial; understand the client's business needs and limitations.

  • Provide mitigation strategies beyond simply recommending upgrades.

• Enumeration and Exploitation:

  • Tools like Windows-Exploit-Suggester can identify potential privilege escalation vulnerabilities.

  • Installation of python2.7 and supporting libraries is required for windows-exploit-suggester on some systems.

  • systeminfo command output is used as input for Windows-Exploit-Suggester.

  • The example demonstrates exploiting MS16-032 (Secondary Logon Service vulnerability) using a PowerShell PoC.

• Key tools and commands:

  • systeminfo

  • Windows-Exploit-Suggester

  • PowerShell (Invoke-MS16-032.ps1)

  • Meterpreter (local exploit suggester)

In essence:

• Windows 7 poses significant security risks due to its EOL status and lack of modern security features.

• Penetration testers must be prepared to encounter and assess these systems.

• Understanding the client's context and providing practical mitigation strategies are essential.

• Windows 7 has many available exploits.