Metasploit mailing list archives
Spam: InternetExplorer Payloads
From: rsrivastwa at yahoo.com (Rohit Srivastwa)
Date: Mon, 30 Jul 2007 19:03:38 -0700 (PDT)
It's a client-side exploit. The service is started by Metasploit. All you have to do now is open "http://192.168.1.111:8080/exp" in IE6 on the client which you want to exploit.

Once you click the URL on the client, you might not get anything interesting there, but something interesting will be waiting for you under sessions.

HTH
./Rohit

--Through the Firewall,Out the Router,Down the T1,Across the Backbone,Bounced from Satellite ---- Nothing but the Internet

----- Original Message ----
From: Robin Kipp <robin.kipp at gmx.de>
To: framework at metasploit.com
Sent: Tuesday, July 31, 2007 3:39:33 AM
Subject: [framework] Spam: InternetExplorer Payloads

Hey all,

Just downloaded Metasploit and it really seems to be fun, I just successfully nuked the ICS service in my network. Now I wanted to exploit Internet Explorer 6 on my Windows XP SP2 laptop. Some of the exploits displayed some strange signs in the browser window, and some even closed Internet Explorer with an error message. However, I wasn't able to control my laptop from a command shell on my comp.

Here's exactly what happens: For example, let's select the Internet Explorer createTextRange() Code Execution on the web console. As the target, I select Internet Explorer 6 - (6.0.3790.0 - Windows XP SP2). Then, I select generic/shell_bind_tcp on the next screen to get a console when someone connects to my server. SRVHOST is my intranet IP, SRVPORT is 8080, URIPATH is "exp" and LPORT is 4444. Now when I click on "Launch Exploit", the following lines appear:

# # ###### ##### ## #### ##### # #### # ##### ## ## # # # # # # # # # # # # # ## # ##### # # # #### # # # # # # # # # # # ###### # ##### # # # # # # # # # # # # # # # # # # # # # ###### # # # #### # ###### #### # #

=[ msf v3.0
+ -- --=[ 191 exploits - 106 payloads
+ -- --=[ 17 encoders - 5 nops
=[ 36 aux

[*] Using URL: http://192.168.1.111:8080/exp
[*] Server started.
[*] Exploit running as background job.

Now let's open the URL http://192.168.1.111:8080/exp from the laptop. A % sign appears in the browser window and the line

[*] Started bind handler

appears in the web console. However, when I go to "sessions", I don't see anything helpful, just the message that there are no sessions. Is there anything I can do so I can exploit my own Internet Explorer? :-)

Thanks!
Robin