Metasploit mailing list archives

Internet Explorer createTextRange() Code Execution

From: michael.wood at uct.ac.za (Michael Wood)
Date: Tue, 3 Apr 2007 17:17:41 +0200

On Tue, Apr 03, 2007 at 10:56:23PM +0800, Rory Garton Smith wrote:

Greetings Mailing List

Small hold up while running an exploit today. I was testing out "Internet
Explorer createTextRange() Code Execution" (aka:
windows/browser/ms06_013_createtextrange) on my Windows XP box in the other
room. Using the windows/shell_reverse_tcp payload. I set up all of the
information, and then launched the exploit, and this is what the terminal
read:

exploit

[*] Started reverse handle
[*] Using URL: http://10.1.1.5:49160/jC28sNY
[*] Server started.
[*] Exploit running as background job.

msf exploit(ms06_013_createtextrange) >

Is this what is supposed to occur? Because after this point, I waited for a
great deal of time, just, nothing happened.
I'm probably missing some huge important step here, any help = greatly
appreciated.


Go to the machine you want to exploit, start up Internet
Explorer and type in: http://10.1.1.5:49160/jC28sNY

Then go back to where you're running msf and see what has
happened.

-- 
Michael Wood <michael.wood at uct.ac.za>

Current thread:

Internet Explorer createTextRange() Code Execution Rory Garton Smith (Apr 03)
- Internet Explorer createTextRange() Code Execution H D Moore (Apr 03)
  - Internet Explorer createTextRange() Code Execution Donnie Werner (Apr 03)
    - Internet Explorer createTextRange() Code Execution Rory Garton Smith (Apr 04)
    - Internet Explorer createTextRange() Code Execution Donnie Werner (Apr 04)
- Internet Explorer createTextRange() Code Execution Michael Wood (Apr 03)