Metasploit mailing list archives

Problems getting IE exploits to run


From: hdm at metasploit.com (H D Moore)
Date: Fri, 16 Jun 2006 00:01:15 -0500

On Thursday 15 June 2006 23:53, Wang, Kathy wrote:
> - Using ie_createtextrange exploit in Metasploit framework with
> win32_exec payload and default options (HTTPPORT is 8080, EXITFUNC is
> seh) and CMD is set to "echo foo > c:\test.txt"

Try setting CMD to "cmd.exe /c echo foo > C:\\test.txt"

> - Same as above, except now I'm using ie_iscomponentinstalled exploit

Windows XP 2002 already contains a patch for this bug IIRC.

> - Windows XP Professional version 2002 SP2 with IE 6.0.2900.2180
> browser - Using ie_createtextrange exploit with win32_exec payload, and
> default options, and same CMD option as above cases

Try the change to the CMD parameter listed above. If that fails, try using 
a different payload, such as win32_bind, win32_reverse, or the VNC 
injection/Meterpreter payloads. Please report any success/failure 
differences off-list.

> Is there something obvious that I'm doing wrong here? I thought for
> example, that ie_createtextrange worked on Windows XP SP2, but that was
> one of my test cases, and it didn't work in my case.

It sounds like it's just a payload issue. The problem is that Windows 
doesn't have a command called "echo", only one called "cmd" that parses 
"echo" as an internal command.

Good luck!

-HD


