6 - Legacy Systems

Microsoft versions are either under:

• Ongoing support => Updates released frequently

• Extended support => Grace period, updates still released

• End of life => Updates no longer released

End of life OS bring a lot of security issuesL

• Lack of support from software companies

• Hardware compatibility issues

• Security flaws

This is common in medical settings and local government, where the vendor for a critical application goes out of business or no longer provides support for an application, so the organization is stuck running it on a version of Windows XP or even Server 2000/2003.

This page lists the EOL dates for each windows version:

End Of Life Dates for Microsoft Windows and Office | Michael SpiceMichael Spice | Michael Spice IT Services

Looking for missing patches

A great thing to do on legacy system is to check patches.

First we check the latest patch:

wmic qfe

Then we can use sherlock (https://github.com/rasta-mouse/Sherlock) to find missing software patches for local privilege escalation vulnerabilities.

> Set-ExecutionPolicy bypass -Scope process
> Import-Module .\Sherlock.ps1
> Find-AllVulns

Windows-Exploit-Suggester

GitHub - strozfriedberg/Windows-Exploit-Suggester: This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.GitHub

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

It requires the 'systeminfo' command output

Usage

First we must install some dependencies:

> sudo wget https://files.pythonhosted.org/packages/28/84/27df240f3f8f52511965979aad7c7b77606f8fe41d4c90f2449e02172bb1/setuptools-2.0.tar.gz
> sudo tar -xf setuptools-2.0.tar.gz
> cd setuptools-2.0/
> sudo python2.7 setup.py install

> sudo wget https://files.pythonhosted.org/packages/42/85/25caf967c2d496067489e0bb32df069a8361e1fd96a7e9f35408e56b3aab/xlrd-1.0.0.tar.gz
> sudo tar -xf xlrd-1.0.0.tar.gz
> cd xlrd-1.0.0/
> sudo python2.7 setup.py install

Then run systeminfo on the target and save the output in a .txt file

Update the windows vulnerabilility database:

sudo python2.7 windows-exploit-suggester.py --update

This should have created a .xls file YYYY-MM-DD-mssb.xls

Finally we can run windows exploit suggester:

python2.7 windows-exploit-suggester.py  --database YYYY-MM-DD-mssb.xls --systeminfo win7lpe-systeminfo.txt