If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
I've only heard it can infect Windows XP and newer versions of Windows.
What about Win98, or Win95, WinME, or Windows 2000? Anyone know? |
#2
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
On Tuesday, May 16, 2017 at 11:40:06 PM UTC-6, wrote:
I've only heard it can infect Windows XP and newer versions of Windows. What about Win98, or Win95, WinME, or Windows 2000? Anyone know? It uses a process that 98 is using for file sharing across networks (SMBv1) in order to install itself which doesn't look good. MS did release an update for XP SP3 but no earlier windows. Quick fix for newer windows is to disable SMBv1, but it's all we got for 98 networking. Short answer - no, I don't see where we are 'safe', not yet at least. |
#3
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
wrote:
I've only heard it can infect Windows XP and newer versions of Windows. What about Win98, or Win95, WinME, or Windows 2000? Anyone know? There's the bulletin, but it's not going to care about older OSes. Notice that Microsoft has patched WinXP, but it doesn't get an entry here (because WinXP is out of support). I don't know whether WePOS would be documented in one of these or not. https://technet.microsoft.com/en-us/.../ms17-010.aspx ******* https://www.reddit.com/r/sysadmin/co...ut_that_scans/ Of which one tool is listed as: https://github.com/topranks/MS17-010_SUBNET You can then open the Python source for a look. This is so you can review how they're testing. https://github.com/topranks/MS17-010...mb_ms17_010.py Note the mis-spellings in the source. And we all know what that means. Needs a spell checker :-) The source appears to be crafting a DoublePulsar exploit of sorts and looking for a characteristic response. So my presumption is, that test does *more* than just check for an open port 445, it actually attempts to use the vulnerability in some way. Which in theory could tell you if a Win98 box was vulnerable. The hardest part of using Python, is sorting out the versions. I'm not a Python jockey and cannot guess whether that'll run on some other version of Python you happen to have. So that program would appear to be tickling each system in the appropriate spot, rather than just checking whether port 445 is open. You can also try "DoublePulsar smbv1" in a Google search, but be careful with what turns up. Using a scanning tool that scans from the *WAN* side of your LAN, doesn't tell much of a story (can't punch through your stateful IPv4 NAT router). You want to scan the LAN side. Like use one of your LAN machines, to check the rest of them. Perhaps you can scan the scanning machine itself using 127.0.0.1 as the IP address ? That's if you don't want to have to set up Python on a second machine. ******* OK, I did the best I could to test it. +-------------------+ +--------------------------------------- | WinXP Host | --- | LinuxMint 18.1 scanning machine | 192.168.2.100 | | python2 smb_ms17_010.py 127.0.0.1 | | python2 smb_ms17_010.py 192.168.2.100 | +--------------+ | python2 smb_ms17_010.py 192.168.2.110 | | VPC2007 | | Win98SE | | Guest | | 192.168.2.110 This is the result: https://s3.postimg.org/v6jnzsj9f/scan.gif 127.0.0.1 Errno 111 Connection refused (Linux scans itself, Samba server not running on default LiveCD bootup so port 445 is not open.) 192.168.2.100 VULNERABLE (Windows 5.1) (An unpatched WinXP SP3 machine) 192.168.2.110 Errno 111 Connection refused (The Win98SE virtual machine) I tested the Win98SE VM twice. The first call was before the Linux box *mounted* the Win98SE share. The second call was after the Win98SE share was successfully mounted (presumably by SMBv1 protocol). So while SMB seemed to be working from the Linux test machine to the Win98SE serving side, the DoublePulsar test didn't trip off. That's not a definitive test (because the Win98SE was inside a VM, and you could argue "it's not the same"), but I was able to mount the share the Win98SE machine provides to the world. That share is completely insecure by the way. The MINT machine doesn't even present a password box when it touches that. If the MINT (test) machine tries for a share on WinXP, the usual boring password box appears, and I have to log in. For the exploit to work, the password doesn't matter. WinXP SP3 could be tipped over, with the right payload sent. That's what VULNERABLE means. If WannaCrypt gets loose in my LAN, the WinXP SP3 machine could get "wormed". I removed the WinXP patch on purpose (4012598). For the Win98SE machine to get tipped over, some better code would be needed at a guess. You can never really be sure how many vulnerabilities are out there, and this one test doesn't prove Win98 is "bulletproof", merely "inconvenient to attack". So maybe we can rate Win98 as "security by obscurity". Only Microsoft knows the true situation, and they don't really have an incentive to even speak the word "Win98" any more. Paul |
#4
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
|
#5
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
On 05/17/17 22:27, Good Guy wrote:
On 17/05/2017 05:37, wrote: I've only heard it can infect Windows XP and newer versions of Windows. What about Win98, or Win95, WinME, or Windows 2000? Anyone know? No because Windows 98 users are likely to be very poor using their system to pass time. It is never interesting to hack their system because you won't find anything of interest and you won't get any publicity for doing so. This shows how stupid microsoft users who got hit by wannacry are. Of course it affects ms-windows 98, it affects all versions which supports smb version 1. |
#6
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
In message , Lee
writes: On Tuesday, May 16, 2017 at 11:40:06 PM UTC-6, wrote: I've only heard it can infect Windows XP and newer versions of Windows. What about Win98, or Win95, WinME, or Windows 2000? Anyone know? It uses a process that 98 is using for file sharing across networks (SMBv1) in order to install itself which doesn't look good. MS did release an update for XP SP3 but no earlier windows. Quick fix for Doesn't help here, but ISTR seeing XP SP2 mentioned. newer windows is to disable SMBv1, but it's all we got for 98 networking. Short answer - no, I don't see where we are 'safe', not yet at least. -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf I remember a lot of questions on a vocalist forum about the problems singing "There is a balm in Gilead" without making it sound like a security alert. - Linda Fox in UMRA, 2010-11-19 |
#7
|
|||
|
|||
Can WannaCrypt infect a Windows 98 system
J.O. Aho wrote:
On 05/17/17 22:27, Good Guy wrote: On 17/05/2017 05:37, wrote: I've only heard it can infect Windows XP and newer versions of Windows. What about Win98, or Win95, WinME, or Windows 2000? Anyone know? No because Windows 98 users are likely to be very poor using their system to pass time. It is never interesting to hack their system because you won't find anything of interest and you won't get any publicity for doing so. This shows how stupid microsoft users who got hit by wannacry are. Of course it affects ms-windows 98, it affects all versions which supports smb version 1. For some reason, the emulation of DoublePulsar written in Python, cannot contact a Win98SE machine. Yes, the Mint machine in question, was able to mount the share that sits on the Win98SE machine. The second attempt to reach node 110 (the Win98SE machine), still fails to connect, even though port 445 has been proven to work at that point in time. (The share is mounted between the first and second test to 110.) https://s3.postimg.org/v6jnzsj9f/scan.gif The machine at 100, a WinXP Sp3 machine (where the patch was removed), reports VULNERABLE when scanned. I don't consider this test to be all that comforting, and provided it as some evidence we *do* occasionally check this stuff. For *fun* of course. The odds of me actually getting WannaCrypt, are roughly the previous odds of me getting Locky. A little Safe Hex goes a long way. Safe Hex is difficult to teach. I've tried a few times, and there are people who continue to "click everything" and keep coming back to newsgroups, infected. Most of the time, the infection is just adware, but it's still a bad sign that it's one infection after another. And that's *with* a number of products, an AV product, malwarebytes realtime, Adwcleaner and a few others. So if you cannot practice Safe Hex, there is no combination of products that seems to be able to keep you safe. It turns out, Safe Hex is a "premium" product and worth every penny. Paul |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
System Restore & Windows ME System Recovery Cds :(:(:( | izzattar | Hardware | 7 | December 9th 06 07:45 AM |
Windows 98SE KB891711 Component altered Windows system files. | JJ | Software & Applications | 1 | December 31st 05 12:58 PM |
SYSTEM.INI file C:WINDOWS\SYSTEM\vshinit.vxd needs to be replaced | kristen10ten | General | 2 | November 3rd 05 01:32 AM |
Windows KB891711 component has altered Windows system files | AMEN | General | 1 | November 1st 05 02:39 PM |
How to change Windows 98 Help System to English in a dual/language(Thai/English) system | Jeffrey Race | General | 1 | October 6th 04 09:34 AM |