Metasploit mailing list archives

Re: ie_unsafe_scripting


From: egypt () metasploit com
Date: Sun, 25 Oct 2009 10:26:04 -0600

There's already a module to do this (with the same name, in fact).
I'll try to take a look at it and see if there are any improvements we
can use.

Thanks,
egypt

On Fri, Oct 23, 2009 at 1:31 PM, spinbad
<spinbad.security () googlemail com> wrote:
Hi

Attached you find an exploit module which can be used if an administrator
set the IE security zone setting "Initialize and script ActiveX controls not
marked as safe" to "enable".

The default setting is "disabled", but I had two cases where it was enabled
for the intranet zone in a large network, making it a perfect attack vector
for internal pentests.

Hope you like it. Would be cool if someone puts it into the SVN.

spinbad

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
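
For defenders, one way to check whether the zone setting discussed in this thread is enabled on a Windows host. This is an added example, not part of either message or of the Metasploit module. The registry locations, the value name 1201 and the meaning of its data (0 = Enable, 1 = Prompt, 3 = Disable) are assumptions taken from Windows' URL security zone settings, not from the thread; the function name is hypothetical.

```powershell
# Added example (not from the thread): audit URL action 1201,
# "Initialize and script ActiveX controls not marked as safe",
# for every Internet Explorer security zone.

# Zone numbers and value meanings as used by Windows (assumption, see lead-in).
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }
$states    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Group Policy locations first, then the per-machine and per-user preferences.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-UnsafeActiveXSetting {
    foreach ($root in $roots) {
        foreach ($zone in 0..4) {
            $key  = Join-Path $root $zone
            # Missing keys or values are normal; skip them quietly.
            $item = Get-ItemProperty -Path $key -Name '1201' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }

            $value = [int]$item.'1201'
            [pscustomobject]@{
                Key     = $key
                Zone    = $zoneNames[$zone]
                Value   = $value
                State   = if ($states.ContainsKey($value)) { $states[$value] } else { 'Unknown' }
                # The condition described in the thread: the setting is "enable".
                Finding = ($value -eq 0)
            }
        }
    }
}

# Show every place the value is defined, then only the zones where it is enabled.
Get-UnsafeActiveXSetting | Format-Table Zone, State, Value, Key -AutoSize
Get-UnsafeActiveXSetting | Where-Object Finding |
    Format-Table Zone, Key -AutoSize
```

The HKCU results apply only to the account running the script, so run it in the context of the users being audited or read the policy objects that deploy the setting.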

