I needed to convince someone that patching Windows is necessary. That’s why I made him a short video clip where I use Metasploit 2.6 to exploit vulnerability MS06-040 on a Windows 2000 SP4 server, and I have now decided to share it with you.
I create a remote shell on the attacked server, connect to it and change the administrator’s password to Hacked.
The Metasploit web interface is used to create a higher visual impact.
Is there any way of increasing the size of the video? I cannot read the screens very well.
Comment by Charlene — Friday 1 September 2006 @ 14:55
Sorry, this is the highest resolution supported by YouTube, but I’ll see what I can do.
Didier
Comment by Didier Stevens — Friday 1 September 2006 @ 16:53
I’ve posted a hi-res version here: http://didierstevens.com/files/Metasploit-MS06-040-xvid.avi
If you’ve problems playing the movie, it’s encoded with the XviD codec: http://www.xvidmovies.com/codec/
Comment by Didier Stevens — Friday 1 September 2006 @ 20:31
[…] Recently the exploit of a Vulnerability (MS06-040) in Windows’s Server Service Could Allow a hacker to run malicious code on a remote system. Well, it’s all well and good that Microsoft have identified this as a “possible” security threat and have made an update, but what does it look like in action? Didier Stevens has made a video clip showing the exploit in action (using Metasploit) on a Windows 2000 SP4 server to “convince someone that using windows update was necessary.” (I would have to agree with him there after seeing this in action) […]
Pingback by Metasploit MS06-040 Demo » MSBLOG — Monday 4 September 2006 @ 10:28
Is the same bug exploitable for a Win 2003 SP1 target?
Comment by Tom Buelens — Friday 25 January 2008 @ 10:35
I didn’t test it on 2003 SP1, but according to the MS security bulletin MS06-040, it is also vulnerable.
Comment by Didier Stevens — Tuesday 29 January 2008 @ 20:10