EOL Systems and Exploits

End-of-life (EOL) systems are systems that have reached the end of the support lifetime set by Microsoft. These systems no longer receive any updates or security patches, so they are quite vulnerable.

These types of systems are usually found in organizations, healthcare, governments, and other critical areas, because the expensive software running on them is no longer supported by its vendor and is not compatible with newer versions.

Here is a full list of the releases by Microsoft and their end dates:

For an older OS such as Windows 7 (which is still used in critical sectors such as government, medical, financial, etc.) or Windows Server 2008, we can use enumeration scripts such as:

  1. Sherlock: https://github.com/rasta-mouse/Sherlock
  2. Windows Exploit Suggester: https://github.com/AonCyberLabs/Windows-Exploit-Suggester

These tools take the output of the “systeminfo” command as input and then compare the patch level to Microsoft’s vulnerability database to find potentially missing patches and the exploits available for them. However, it is still worthwhile to enumerate manually.

Windows Exploit Suggester can also work on our end. All we have to do is copy the output of “systeminfo” from the victim host, put it in a file, and then give that file to Windows Exploit Suggester, which is a better option than transferring the tool and running it there.

Windows Exploit Suggester and Sherlock might not run if an Execution Policy is in place. It’s a security feature by Microsoft that prevents the running of scripts and a few other things.

We can simply bypass it:

To get information about patches and the current system version, we can use:

If we are doing it manually, we can compare the patch level with the Microsoft vulnerability database to see which patches are missing and then locate exploits for them.
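The manual patch-level comparison described above can be scripted from the defender's side. This is an added example, not code from the original post or from either tool: it parses saved “systeminfo” output and reports which required hotfixes are absent. The host name, the KB numbers and the REQUIRED_KBS baseline are constructed placeholders, not real Microsoft identifiers.

```python
import re

# Constructed sample of saved `systeminfo` output; host name and KB ids are placeholders.
SAMPLE_SYSTEMINFO = """\
Host Name:                 LEGACY-WS01
OS Name:                   Microsoft Windows 7 Professional
OS Version:                6.1.7601 Service Pack 1 Build 7601
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB9000001
                           [02]: KB9000002
                           [03]: KB9000004
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Adapter
"""

# Hypothetical baseline: hotfixes the organisation requires for each OS build.
REQUIRED_KBS = {"6.1.7601": {"KB9000001", "KB9000002", "KB9000003", "KB9000005"}}


def parse_systeminfo(text):
    """Extract OS name, OS build, declared hotfix count and installed KB ids."""
    info = {"os_name": None, "os_build": None, "declared": 0, "hotfixes": set()}
    section = ""
    for line in text.splitlines():
        if line[:1].isspace():  # indented continuation of the previous field
            entry = re.match(r"\s+\[\d+\]:\s+(KB\d+)\s*$", line)
            if section == "Hotfix(s)" and entry:
                info["hotfixes"].add(entry.group(1))
            continue
        section, _, value = (part.strip() for part in line.partition(":"))
        if section == "OS Name":
            info["os_name"] = value
        elif section == "OS Version" and value:
            info["os_build"] = value.split()[0]
        elif section == "Hotfix(s)":
            count = re.match(r"(\d+)", value)
            info["declared"] = int(count.group(1)) if count else 0
    return info


def missing_patches(info, baseline=REQUIRED_KBS):
    """Return required KBs absent from the host; refuse incomplete input."""
    if len(info["hotfixes"]) != info["declared"]:
        raise ValueError("hotfix list is truncated; re-capture the systeminfo output")
    if info["os_build"] not in baseline:
        raise LookupError(f"no patch baseline for build {info['os_build']}")
    return sorted(baseline[info["os_build"]] - info["hotfixes"])


if __name__ == "__main__":
    print(missing_patches(parse_systeminfo(SAMPLE_SYSTEMINFO)))
```

The field names matched here are the English ones; on a localized Windows install the labels differ and the parser would need the corresponding strings.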

It’s always worth understanding how an exploit works and what vulnerability it takes advantage of. Sometimes exploits need specific conditions to work, even if the system’s patch level is vulnerable to them.

TIP: Metasploit’s meterpreter can give us a lot of value, such as modules that can be used for persistence, data exfiltration, exploit suggestions, privilege escalation, etc.

Note: There is nothing wrong with using scripts or exploits written by other people without understanding them. However, I highly encourage the reader to try to understand them, to gain a better understanding of the underlying vulnerabilities and missing configurations as well as the prevention mechanisms that are in place in newer versions of that system/application. If you don’t understand the code, look for a write-up that explains how and why the exploit works, and think about how you would fix it.

Hope you enjoyed this blog, see you in the next one. CIAO