(adsbygoogle = window.adsbygoogle || []).push({}); Okay hopefully SOMEONE here will be able to help me out, I have a good idea on what Im doing except I suck at finding stuff so thats why Im asking to see if anyone has knowledge on an available exploit. I know for sure my target box has port 80 open which is a big no no and is running IIS v7. Normally IIS is exploitable if port 80 is open but let me finish... the box is running windows vista home prem with SP2 I believe which fixes the possible entry point I mentioned using IIS, since vista SP2 supposedly fixed it.

I know previous version 5, 6 of Microshafts IIS was exploitable and even if they worked with the current version on my target box they would have been patched. I have searched exploit DB and packetstorm and so far nadda.

The ONLY other services I can find from the target are:

Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) which is open on 2869, 5357 and, 10243

netbios-ssn - Seems most likely to be the next chance to exploit

Microsoft Windows RPC - quite a few open ports running this service. I know there are exploits for this but I don't think they are recent.


If you think you can link me to a good exploit that would be great! I would love to go through the IIS but I don't think there's any chance since there is no other services such as Apache, MySQL, PHP etc. This leaves out all injection really since its just HTML and I would probably have better luck through another service.

Help?