Metasploit mailing list archives
Re: ie_unsafe_scripting
From: egypt () metasploit com
Date: Sun, 25 Oct 2009 10:26:04 -0600
There's already a module to do this (with the same name, in fact). I'll try to take a look at it and see if there are any improvements we can use. Thanks, egypt On Fri, Oct 23, 2009 at 1:31 PM, spinbad <spinbad.security () googlemail com> wrote:
Hi Attached you find a exploit module which can be used if a administrator set the IE security zone setting "Initialize and script ActiveX controls not marked as safe" to "enable". The default setting is "disabled", but I had two cases where it was enabled for the intranet zone in a large network, making it a perfect attack vector for internal pentests. Hope you like it. Would be cool if someone buts it into the SVN. spinbad _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- ie_unsafe_scripting spinbad (Oct 23)
- Re: ie_unsafe_scripting egypt (Oct 25)