Metasploit mailing list archives
Re: What is the hottest exploit for IE and FF?
From: Jose Selvi <jselvi () pentester es>
Date: Mon, 07 Nov 2011 07:45:02 +0100
I fully agree with Carlos, you can use the exploit that todb told you, but you should modify it in order to make it work in a Spanish box.

As a help, you can see the ROP String in the exploit's source code, in a "stack_data" variable:
http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/adobe_cooltype_sing.rb

Usually, some addresses in a Spanish box don't fit with this variable's comments, but you could find new ones on a Spanish box and create a new target option.

If I were you, I would build a test environment as Carlos said, and then I would try to find a new ROP String for Spanish boxes.

Good luck.
Regards.

On 27/10/11 23:55, Carlos Perez wrote:
Build a test environment that mimics the target and test, test and test

On Oct 27, 2011, at 5:48 PM, Richard Miles <richard.k.miles () googlemail com> wrote:

Hi todb.

By "hot" I mean:

- An exploit / vulnerability that affects the last version and older of the IE for example.
- Reliable exploitation on the main languages (English and Spanish).
- There is a well known and public way to bypass AVs (since all pdf and IE exploits that I tested from metasploit are detected by my AV).

It's for client side. Any suggestions?

Thanks.
--
Jose Selvi.
Security Technical Consultant
CISA, CISSP, CNAP, GCIA, GCIH, GPEN
http://www.pentester.es
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework