We promised various people that we would be following up the a real blow by blow of our exploit of Harold Wong's Windows 7 machine.
It's published over on hackfest.obnosis.com under:
Possible ways to attach Harold Wong's Windows 7:
Network port attack vector:
Open ports:
3389
2638
Using RDP we could do either a RDP MITM attack or a Hydra dictionary attack to the listening service itself.
Example RDP MITM:
http://www.irongeek.com/i.php?page=videos/cain-rdp-terminal-server-mitm-...
Should get RDP Windows7 via MITM if possible with loose encryption in a real world situation where RDP traffic connections were working which we could arp cache poison.
Just having the port open we would have to do a hydra dictionary attack, and Harold informed us that he used secure passwords.
Therefore the only real attack vector we ever had open was social engineering to get him to click on an exploit delivered via insecure file sharing.
Sending a Kaseya agent, liveperson cookie, or metasploit payload via pdf in mail after getting assurance of his willingness to open it by asking him to look at it attached to email.
In the real world test Lisa Kachold delivered a pdf exploiting Adobe, but since Harold Wong wisely doesn't use Adobe for his pdf's, it failed.
No-one crafted nor delivered a RDP "package" for email delivery, which would have worked best: http://www.gnucitizen.org/blog/remote-desktop-command-fixation-attacks/
Additionally, we might have to obfuscate, in a real world situation, code in our pdf, or it will not be accepted as an attachment in Gmail. If Harold Wong was using Microsoft Outlook directly to a MS based Mail Transport Authority, we have a better chance of getting our PDF accepted, depending on spam/virus protection.
Harold Wong used a regular user desktop, without file sharing available, configured for the "Internet Zone" without additional firewall or virus checking add-ons.
No flags were delivered by our team for Harold Wong.*
So, as heretic as it might seem, this completely debugs the myth that "Microsoft 7 out of the box is more secure than Linux".