Metasploit mailing list archives
Client side attacks - reverse connection through HTTP proxy
From: natron at invisibledenizen.org (natron)
Date: Mon, 22 Dec 2008 16:24:38 -0600
Additionally, downloadexec works in that environment too. You can combine the two to make passivex work with IE7/IE8. The reason passivex doesn't work anymore is because of some new permissions that have to be set. So, if you make a little .vbs script or similar that will nuke the right registry entries, passivex will load and all will work correctly. I've used a .vbs file that:

1) modifies the registry entries correctly for IE7/IE8
2) launches IE7 pointed towards your passivex handler

FYI, in my testing of this payload, I realized that the current stage1 loader completely nukes the security settings for IE6 for the Internet zone. That's bad, bad, bad. If you use it in a real PT environment, realize that you have to come back later and clean up those registry settings or that computer is likely to get infected all day on the internet. It will accept arbitrary ActiveX from anyone and automatically run it. Track down the Uninformed article on passivex for the details.

But anyway, currently, the .vbs file has to be put into a self-extracting archive to get it to work correctly, which is stupid. I haven't had time to get the bugs ironed out so that you can do it all within msf. Once I get that done, I'll send it out to the group.

n

2008/12/22 Taras P. Ivashchenko <naplanetu at gmail.com>:
> On Mon, 22 Dec 2008 16:50:09 -0500 ArcSighter Elite <arcsighter at gmail.com> wrote:
>
> At this moment IE6 is the most popular on Win corporate desktops, I think, and it's only one capability in Metasploit to bypass the target's firewall through an HTTP proxy using IE proxy settings. By the way, it will be interesting to try it :)
>
>> Taras P. Ivashchenko wrote:
>>> ArcSighter Elite, thanks! I will try it.
>>>
>>>> If PassiveX stager would work on IE7/8 that would be awesome. It's all you need. It's basically IE connecting. And only uses POST/GET.
>>
>> Hey, hey! I just said that if it would work in IE7/8. Currently, it only works against IE6 as far as I know.
>
> --
> Taras Ivashchenko, OSCP
> www.securityaudit.ru
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
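The point natron raises above, that a loader which loosens the Internet zone's ActiveX settings leaves the machine accepting and running arbitrary controls until someone cleans up, is easiest to act on if the cleanup can be verified. The script below is an added example written for this archive page; it is not code from the thread, from Metasploit, or from the .vbs file natron describes. It reads the per-user Internet zone (zone 3) registry key and reports whether the four ActiveX-related values are more permissive than Internet Explorer's documented defaults. The value names and default states used here (0 = Enable, 1 = Prompt, 3 = Disable) are assumptions drawn from IE's zone documentation, not from the thread, which never names the entries it changes; the script only reads and reports, it changes nothing.

```powershell
# Added example, not from the mailing list thread: audit the Internet zone
# ActiveX settings in the current user's hive and flag anything looser than
# IE's default for that zone. Read-only; it does not modify the registry.
# Assumption (not stated in the thread): these value names and defaults are
# the ones that matter for "accept arbitrary ActiveX and run it".
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value name, human-readable setting, and the Internet zone default.
# Lower numbers are more permissive: 0 = Enable, 1 = Prompt, 3 = Disable.
$checks = @(
    @{ Name = '1001'; Setting = 'Download signed ActiveX controls';                        Expected = 1 },
    @{ Name = '1004'; Setting = 'Download unsigned ActiveX controls';                      Expected = 3 },
    @{ Name = '1200'; Setting = 'Run ActiveX controls and plug-ins';                       Expected = 0 },
    @{ Name = '1201'; Setting = 'Initialize and script ActiveX controls not marked safe';  Expected = 3 }
)

function Test-InternetZoneActiveX {
    param([string]$Path = $zonePath)

    # One property bag for the whole key; missing values come back as $null.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($c in $checks) {
        $actual = $props.($c.Name)
        $state = switch ($actual) {
            0       { 'Enable' }
            1       { 'Prompt' }
            3       { 'Disable' }
            default { '(not set / unknown)' }
        }
        [pscustomobject]@{
            Value    = $c.Name
            Setting  = $c.Setting
            Actual   = $state
            Expected = $c.Expected
            # Weakened when the stored value is numerically below the default,
            # i.e. something was moved from Disable/Prompt towards Enable.
            Weakened = ($null -ne $actual -and [int]$actual -lt $c.Expected)
        }
    }
}

# Print the audit table; exit non-zero if any setting is weakened so the
# script can be used from a scheduled task or a post-engagement checklist.
$results = Test-InternetZoneActiveX
$results | Format-Table -AutoSize
if ($results | Where-Object Weakened) { exit 1 } else { exit 0 }
```

Run it in the context of the user whose IE profile was touched, since the values live under HKCU. One caveat: if the "Security Zones: Use only machine settings" policy is in effect (the Security_HKLM_only value under the Internet Settings key), the effective values come from the same path under HKLM instead, so pass that path to Test-InternetZoneActiveX in that case.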