Metasploit mailing list archives
Problems getting IE exploits to run
From: hdm at metasploit.com (H D Moore)
Date: Fri, 16 Jun 2006 00:01:15 -0500
On Thursday 15 June 2006 23:53, Wang, Kathy wrote:
- Using ie_createtextrange exploit in Metasploit framework with win32_exec payload and default options (HTTPPORT is 8080, EXITFUNC is seh) and CMD is set to "echo foo > c:\test.txt"
Try setting CMD to "cmd.exe /c echo foo > C:\\test.txt"
- Same as above, except now I'm using ie_iscomponentinstalled exploit
Windows XP 2002 already contains a patch for this bug IIRC.
- Windows XP Professional version 2002 SP2 with IE 6.0.2900.2180 browser - Using ie_createtextrange exploit with win32_exec payload, and default options, and same CMD option as above cases
Try the change to the CMD parameter listed above. If that fails, try using a different payload, such as win32_bind, win32_reverse, or the VNC injection/Meterpreter payloads. Please report any success/failure differences off-list.
Is there something obvious that I'm doing wrong here? I thought for example, that ie_createtextrange worked on Windows XP SP2, but that was one of my test cases, and it didn't work in my case.
It sounds like its just a payload issue. The problem is that Windows doesn't have a command called "echo", only one called "cmd" that parses "echo" as an internal command. Good luck! -HD
Current thread:
- Problems getting IE exploits to run Wang, Kathy (Jun 15)
- Problems getting IE exploits to run H D Moore (Jun 15)
- ie_createtextrange [Was: Problems getting IE exploits to run] Angelo Dell'Aera (Jun 20)