These are the older Windows servers, that is, Windows 2000 and Windows Server 2003. Even though the Windows 2000 server has been out for many years, it is not uncommon to find one when you are testing. This is especially true when you are testing Supervisory Control and Data Acquisition (SCADA) systems. It is quite common to see these systems on SCADA networks. As you may recall, we covered using the tool Shodan earlier in the book to search for SCADA systems, so you can refer to that if you need a refresher.

The Windows Server 2003 platform has had a number of vulnerabilities that we might be able to leverage. We have covered a number of methods to do this, so when you encounter any of these machines, you can use those techniques to discover potential exploits.

Windows Server 2008, 2012, and 2016 servers represent a different approach to security for Microsoft and, as such, have proven to be hard targets for the most part, especially the 64-bit versions. In fact, at the time of writing this book, the available 64-bit exploits were not that many.

An example for a search of 64-bit exploits in the exploit database is shown in the following screenshot:

As the previous screenshot shows, there are limited results returned when we search for 64-bit exploits in the Exploit DB. This is a good indication that the latest versions of Microsoft are providing a challenge when it comes to writing exploit code; therefore, the more common method of compromising these operating systems is via a configuration error or an application that is running on the machine.

There are still some Unix servers that you might encounter when testing, but there will not be many exploits when you search for them. This is a part of the fact that the most targeted platform is Windows, and as such, there are very few people who target Unix. Additionally, there are not that many commercial Unix providers. There is still Solaris, so we can conduct a search for Solaris exploits. An example of the results of this search is shown in the following screenshot:

The Linux OS has continued to increase in popularity, and with it, the number of discovered vulnerabilities has also increased. There are lots of Linux distributions today, and there is a chance that you will encounter a variety of them when testing. A search of the Exploit DB site is shown in the following screenshot:

As the previous screenshot shows, there are a number of exploits available for 2016, so the exploit writers continue to explore the Linux code for weaknesses.

A common misconception is that there are no exploits for the MAC OS. Well, to refute this, we first have to understand that MAC is based on Unix; therefore, it has the potential to have similar types of vulnerabilities. A search for the Exploit DB is shown in the following screenshot:

As the previous screenshot shows, we do have some exploits available for the OS X of the MAC machine.