ExtremeHacking

Searching Exploits directly from Microsoft site.
Author: Unknown | Date: 5/06/2015




Credit: Amit

In this article, I will show you guys how to search for exploits directly from Microsoft's site.

Step 1: Navigate to Microsoft's TechNet

Since more than 90% of all PCs on the planet run a form of Microsoft's ubiquitous Windows operating system (although it may surprise you that more than 60% of all web servers run some variant of Linux/Unix), Microsoft's vulnerabilities are obviously highly valued by the hacker.

Thankfully, Microsoft offers us a database of all the vulnerabilities they are willing to acknowledge, and this can be found at their Microsoft Security Bulletins web page.

Here, Microsoft lays out all the details of the vulnerabilities that they are aware of in their operating system and application software. It goes without saying, I think, that zero-day vulnerabilities and vulnerabilities that Microsoft doesn't want to acknowledge yet won't be found here. These vulnerabilities are only those that Microsoft is aware of and has a patch developed for.

So, what good is it to the hacker to be aware of vulnerabilities that Microsoft has patched, you may ask (you did ask that, right?). The answer is that not everyone patches.

Some users and organizations refuse to patch because of the production risks involved, and others only patch intermittently. If you go to Netcraft and look up a particular website, it will tell you how long it has been since that site was rebooted. Generally, a reboot is necessary to patch a system. If the system has not been rebooted for, say, 2 years, we know that all the vulnerabilities listed in Microsoft's security bulletins are available on that system. When that is the case, you can simply find a vulnerability that has been found within those last two years and then exploit it on that system.

There is also the issue of pirated software. A significant portion of the world's operating systems and applications are pirated (I'm sure you know at least one person who has pirated software, right?). It is estimated that a majority of the software in China and other developing nations is pirated. This means that these systems won't get the latest patches and are vulnerable to the listed vulnerabilities in Microsoft's security bulletins. How nice!

Step 2: Search the Database by Microsoft Vulnerability Number

The Microsoft security bulletins are an easily searched database. You can search it by product, date range, or security bulletin number. If you go back and look at some of my Metasploit tutorials, you will notice that we've used an exploit in Metasploit many, many times that is named ms08_067_netapi. That number is the Microsoft security bulletin number. The ms stands for Microsoft, of course, the 08 stands for the year the vulnerability was revealed, 2008, and the 067 means it was the 67th vulnerability acknowledged by Microsoft that year. If we search Microsoft's security bulletins for that vulnerability, this is what we find.

Notice that this vulnerability is named "Vulnerability in Server Service Could Allow Remote Code Execution". Remote code execution is exactly what we are looking for. It allows listeners/rootkits to be installed and executed remotely. This obviously includes our rootkit of choice, Metasploit's meterpreter. When we click on it, we get the complete report.

We can see that Microsoft gives us (thank you, Bill!) an executive summary of the exploit and tells us which of their systems are vulnerable. If we page down, we can see a list of every affected file and operating system.
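
A patch-audit view of the two points above, the bulletin numbering scheme and the gap between a bulletin's release and a host's last reboot, as an added example that is not part of the original article. The hosts and the MS08-999 bulletin ID are constructed placeholders, and the rule that an update only takes effect after a reboot follows the article's premise.

```python
import re
from datetime import date

# Accepts "MS08-067", "ms08_067" and module-style names such as "ms08_067_netapi".
_BULLETIN_RE = re.compile(r"(?i)\bms(\d{2})[-_](\d{3})(?![0-9])")

def parse_bulletin(text):
    """Return (canonical_id, year, sequence), or None if no bulletin ID is present."""
    m = _BULLETIN_RE.search(text)
    if not m:
        return None
    yy, seq = int(m.group(1)), int(m.group(2))
    # Assumption of this example: two-digit years 98-99 mean 19xx, all others 20xx.
    year = 1900 + yy if yy >= 98 else 2000 + yy
    return f"MS{yy:02d}-{seq:03d}", year, seq

# Constructed sample data. MS08-067 is the bulletin named in the article;
# MS08-999 is a made-up placeholder ID, and both hosts are fictional.
CATALOG = {"MS08-067": date(2008, 10, 23), "MS08-999": date(2008, 12, 9)}
HOSTS = [
    {"name": "fileserver01", "last_reboot": date(2008, 6, 1),
     "applied": ["ms08_999"]},
    {"name": "web01", "last_reboot": date(2009, 1, 15),
     "applied": ["MS08-067", "MS08-999"]},
]

def audit(hosts, catalog):
    """Map host name -> bulletins that are missing or installed but not yet active."""
    report = {}
    for host in hosts:
        # Normalise whatever spelling the inventory used to the canonical ID.
        applied = {p[0] for p in map(parse_bulletin, host["applied"]) if p}
        findings = []
        for bulletin, published in sorted(catalog.items()):
            if bulletin not in applied:
                findings.append((bulletin, "not installed"))
            elif host["last_reboot"] < published:
                # Last reboot predates the bulletin, so the fix cannot be loaded.
                findings.append((bulletin, "installed, no reboot since release"))
        if findings:
            report[host["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(HOSTS, CATALOG).items():
        for bulletin, reason in findings:
            print(f"{name}: {bulletin} ({reason})")
```
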

Step 3: Search Vulnerabilities by Product

If we are looking for vulnerabilities in a particular product, we can use this database and search by product. For instance, if I was looking for a vulnerability in Microsoft's Lync (this is Microsoft's enterprise-level messaging, VOIP, and video conferencing server with special security features), I can simply select Lync and this database will show me all the vulnerabilities of that product. Here's the most recent vulnerability found in Microsoft's Lync product that "allows for remote code execution". Yeah!


Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune