394 Chapter 6 • Infrastructure Security: Devices and Media
workstation to be unable to communicate and can also overload the system to the
point that it becomes non-functional.
In addition, workstations using the Windows OS usually have additional ports open for using NetBIOS. This introduces vulnerabilities that can allow attackers to remotely access files on the workstation. This is more secure under Windows NT or Windows 2000/XP Pro using the New Technology File System (NTFS), but can present a real problem under Windows 95/98/Me. Even if the shares on a system are password-protected, they can be easily hacked. Administrators should always be careful of open shares on the system. Workstations are also vulnerable to MITM attacks or hijacked sessions. These attacks allow an attacker to monitor or control communications between the workstation and another system.
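The following share audit is an added example and is not part of the study book or its exercises; it assumes a current Windows workstation with the SmbShare module and an elevated PowerShell session, and lists the NetBIOS-over-TCP/IP setting of each adapter alongside any non-administrative share that grants access to a broad principal such as Everyone or Guests.

```powershell
# Added example (not from the book): find open shares and NetBIOS exposure
# on the local workstation. Assumes the SmbShare module (Windows 8 / Server
# 2012 and later) and an elevated session.

# Principals whose presence on a share ACL makes it effectively "open".
$broadPrincipals = @(
    'Everyone',
    'BUILTIN\Guests',
    'NT AUTHORITY\ANONYMOUS LOGON',
    'NT AUTHORITY\Authenticated Users'
)

function Get-OpenShare {
    # -Special $false excludes the administrative shares (C$, ADMIN$, IPC$).
    foreach ($share in Get-SmbShare -Special $false) {
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadPrincipals -contains $ace.AccountName) {
                [PSCustomObject]@{
                    Share     = $share.Name
                    Path      = $share.Path
                    Principal = $ace.AccountName
                    Right     = $ace.AccessRight   # Full, Change or Read
                }
            }
        }
    }
}

function Get-NetbiosSetting {
    # TcpipNetbiosOptions: 0 = follow DHCP, 1 = enabled, 2 = disabled.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, TcpipNetbiosOptions
}

Write-Host '== Shares granting access to broad principals =='
Get-OpenShare | Format-Table -AutoSize

Write-Host '== NetBIOS over TCP/IP per adapter =='
Get-NetbiosSetting | Format-Table -AutoSize
```

Shares that appear in the first table should be reviewed and restricted to the specific accounts that need them; adapters reporting a value other than 2 still answer on the NetBIOS ports the chapter describes.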
Other exploitable functions of the operating system are provided through external libraries or other software that is likely to be running on a workstation. For example, Windows workstations come with Microsoft Internet Explorer (IE) pre-installed. If the user of the workstation uses IE, they are vulnerable to attacks against both the Windows OS itself and IE. Some recently exploited vulnerabilities focus on the way that the OS or ancillary software handles specific files such as images or VML messages. These attacks use vulnerabilities discovered in external library files, which cause the OS or application to change its behavior when certain data is processed through those library files. An example of this type of attack can be seen in Exercise 6.02.
EXERCISE 6.02
PERFORMING A SIMPLE METASPLOIT ATTACK
For this exercise, you will be using one of the many freely available exploit programs to perform an attack. Metasploit is an excellent penetration testing application that allows you to very quickly and easily generate an attack against a vulnerable host. While Metasploit does have the ability to check hosts for specific vulnerabilities, it is generally faster to use a separate scanning tool to find vulnerable systems on your network and then to use Metasploit to test them. Metasploit can be found at www.metasploit.org. For this exercise, we will be using version 3.0 beta 3.
The specific exploit used in this example uses a vulnerability found in Winamp version 5.12 and uses the IE browser in conjunction with a Winamp playlist. More details on this exploit can be found at www.securityfocus.com/bid/16410.
www.syngress.com