Metasploit Unleashed

Who's done it? What were your thoughts?

Comments

  • the_hutchthe_hutch Banned Posts: 827
    Also, I noticed that the lab environment calls for XP SP2 (doesn't really explain why) but my technet account only has SP3 available for download. I didn't run into any problems with the setup and configuration. Does anyone know if this will cause any problems as I progress through the modules?
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,900 Admin
    To learn exploitation, you must use modern test subjects that have vulnerabilities that are exploitable. WinXP SP2 certainly falls into this category. WinXP SP3 has fewer holes to poke at.
  • the_hutchthe_hutch Banned Posts: 827
    For the sake of finding more "pokable holes"...does anyone happen to know where I can find a copy of SP2...since Microsoft no longer has it available on TechNet?
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    I was under the impression you could uninstall SP3? Thus you would then have SP2? Could be wrong....
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • the_hutchthe_hutch Banned Posts: 827
    Paul, that looks like the network installation for the service pack 2, but i need an actual ISO with service pack 2 or earlier.

    Grinch...I'm googling now to see if there is a way to remove the SP after installed. I'll let you know what I find.
  • the_hutchthe_hutch Banned Posts: 827
    Method 1: Use the "Add or Remove Programs" item in Control Panel
    1. Click Start, and then click Run.
    2. Copy and then paste the following command in the Open box, and then press ENTER: appwiz.cpl
    3. Click to select the Show Updates check box.
    4. Click Windows XP Service Pack 3, and then click Remove.
    5. Click Finish to restart the computer after the removal process is complete.


    Method 2: Use the hidden $NtServicePackUninstall$ folder
    1. Click Start, click Run, type c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe in the Open box, and then click OK.
    2. When the Windows XP Service Pack 3 Removal Wizard starts, click Next.
    3. Follow the instructions on the screen to remove Windows XP SP3

    From How to remove Windows XP Service Pack 3 from your computer
  • the_hutchthe_hutch Banned Posts: 827
    Alright, gonna try this when I get home. Sounds like it is written for systems that have had the SP3 pushed and did not start with it integrated into the initial install. So not sure if it will work. But I'll let you know in a few hours.
  • RipVanWinkleRipVanWinkle Registered Users Posts: 1 ■□□□□□□□□□
    I do not think you can uninstall sp3 if that is what it was installed with

    Learn how to install Windows XP Service Pack 3 (SP3)
  • the_Grinchthe_Grinch Member Posts: 4,165 ■■■■■■■■■■
    Seems I was incorrect...

    How the machine was installed originally. If it was cleanly installed with an integrated Windows XP SP3 CD - then you cannot remove SP3, for example.
    WIP:
    PHP
    Kotlin
    Intro to Discrete Math
    Programming Languages
    Work stuff
  • swildswild Member Posts: 828
    yes, you can only uninstall SP3 if you upgraded from SP2 or earlier by applying the SP3 package. I personally would rather work with SP3 or Win7, it's going to be harder, but that's the point; is it not? Even SP3 is coming up on EoL.
  • the_hutchthe_hutch Banned Posts: 827
    Well, rolling back on the integrated ISO didn't work, but I did manage to find a copy of SP2 on torrent. Not usually the type to torrent stuff, but considering its no longer a supported OS and I have a MS TechNet account, I don't think Bill Gates will be too upset with me.
  • the_hutchthe_hutch Banned Posts: 827
    swild wrote: »
    yes, you can only uninstall SP3 if you upgraded from SP2 or earlier by applying the SP3 package. I personally would rather work with SP3 or Win7, it's going to be harder, but that's the point; is it not? Even SP3 is coming up on EoL.

    I agree with you to an extent. But I think it is important to learn the capabilities of Metasploit...and for that reason, I want to use the same configurations described within the tutorials. When something doesn't work, I don't want to have to wonder if it is because I'm doing it wrong, or because the issue is patched on SP3. Once I've gone through the exercises on MSFU, I'll work my way up to more up-to-date OSs.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,900 Admin
    the_hutch wrote: »
    Well, rolling back on the integrated ISO didn't work, but I did manage to find a copy of SP2 on torrent. Not usually the type to torrent stuff, but considering its no longer a supported OS and I have a MS TechNet account, I don't think Bill Gates will be too upset with me.
    Realize that when you are buying a copy of Windows you are actually buying only a product activation key (PID) and not the actual bits that make up Windows itself. As long as you have a paid-for key, and you are using it within the terms of the EULA, it matters not where you got the bits you will be activating with it. But please, make sure you verify the SHA-1 value against the hash values for the same OS image posted on TechNet or MSDN. That's the only way I'd ever trust an OS that I downloaded from a public P2P network.
  • the_hutchthe_hutch Banned Posts: 827
    Good point JD. I was able to successfully use my technet xp license to register the OS, so I'm assuming no foul. Also, I did verify the hash value and it checks out.
Sign In or Register to comment.