Metasploit mailing list archives

Spam: InternetExplorer Payloads


From: rsrivastwa at yahoo.com (Rohit Srivastwa)
Date: Mon, 30 Jul 2007 19:03:38 -0700 (PDT)

It's a client-side exploit. The service is started by Metasploit.
All you have to do now is open "http://192.168.1.111:8080/exp" in IE6 on the client which you want to exploit.
Once you click the URL on the client, you might not get anything interesting there, but something interesting will be
waiting for you under sessions.


HTH
./Rohit
 
--Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced from Satellite ---- Nothing but the 
Internet

----- Original Message ----
From: Robin Kipp <robin.kipp at gmx.de>
To: framework at metasploit.com
Sent: Tuesday, July 31, 2007 3:39:33 AM
Subject: [framework] Spam: InternetExplorer Payloads

Hey all,
Just downloaded Metasploit and it really seems to be fun, I just
successfully nuked the ICS service in my network. Now I wanted to
exploit InternetExplorer 6 on my Windows XP Sp2 laptop. Some of the
exploits displayed some strange signs in the browser window, and some
even closed the InternetExplorer with an error message. However, I
wasn't able to control my laptop from a command shell on my comp. Here's
exactly what happens:
For example, let's select the Internet Explorer createTextRange() Code
Execution on the web console. As the target, I select Internet Explorer
6 - (6.0.3790.0 - Windows XP SP2).
Then, I select generic/shell_bind_tcp on the next screen to get a
console when someone connected to my server.
SRVHOST is my intranet IP, SRVPORT is 8080, URIPATH is "exp" and LPORT
is 4444.
Now when I click on "Launch Exploit", the following lines appear:
#    # ###### #####   ##    ####  #####  #       ####  # #####
##  ## #        #    #  #  #      #    # #      #    # #   #
# ## # #####    #   #    #  ####  #    # #      #    # #   #
#    # #        #   ######      # #####  #      #    # #   #
#    # #        #   #    # #    # #      #      #    # #   #
#    # ######   #   #    #  ####  #      ######  ####  #   #

       =[ msf v3.0
+ -- --=[ 191 exploits - 106 payloads
+ -- --=[ 17 encoders - 5 nops
       =[ 36 aux

[*] Using URL: http://192.168.1.111:8080/exp
[*] Server started.
[*] Exploit running as background job.
Now let's open the URL http://192.168.1.111:8080/exp from the laptop. A
% sign appears in the browser window and the line
[*] Started bind handler
appears in the web console. However, when I go to "sessions", I don't
see anything helpful, just the message that there are no sessions. Is
there anything I can do so I can exploit my own InternetExplorer? :-)
Thanks!
Robin






       