Metasploit mailing list archives
PassiveX
From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 12 May 2005 10:38:32 -0500
On Thu, May 12, 2005 at 03:28:38PM +0000, VITO DE LAURENTIS wrote:
some html here
PassiveX is not an attack vector, it is a post-exploitation payload that allows you to build a streaming connection through an HTTP tunnel between the target and the attacker. It does this by using a stub payload that modifies Internet Explorer's zone restrictions to make it possible to execute ActiveX controls and then spawns a hidden instance of Internet Explorer pointed at a URL that the attacker controls (which is expected to have an embedded ActiveX control). Please read through the documentation at http://www.uninformed.org/?v=1&a=3&t=sumry for more information.
Current thread:
- PassiveX VITO DE LAURENTIS (May 12)
- PassiveX mmiller at hick.org (May 12)