Metasploit mailing list archives

wmf never worked on my default winxp ever

From: draino at gmail.com (Josh Chaney)
Date: Wed, 4 Jan 2006 14:16:55 -0700

Your configuration is somehow different. I've tried it on quite a few
machines here at work, as well as some family members. All exploited without
a hitch. It sounds like the picture/fax viewer is not installed and it's
treating the file like any other file that it doesn't know what to open it
with. I can assure you that this happens on SP2.

      -Josh

On 1/4/06, sandalwood <sandalwood at inmail24.com> wrote:


Hello all,

I don't understand how this is a bad bug.  As soon as I saw the first
exploit for this I installed a fresh completely new blank install of
windows xp professional sp2, and tested it.  It has never worked even
once.  I have also tried HD's exploits for it, including the one
released today that uses BMP format and gzip content encoding (elite
dude thank you).. however that still doesn't work.

In my default fresh install of windows, I go to the url and it pops up
a warning about downloading a file.  I have to click on the
information bar and choose download.  Then if I go to the desktop and
doubleclick the file, it does run the picture viewer which then
crashes.

So who is this a threat to??  Just sp1 systems? are there even any out
there?

In case you are wondering if my testing methodology was poor: I also
then LATER tried accessing public websites that were exploiting people
such as crack sites and porn that people talked about as carrying this
bug. Those did not work either.  I have zero software installed.  This
is a clean default install of windows. no antivirus, firewall, nothing
but microsoft windows.

I would post screenshots or video clip of it if it would help.  I
think it is clear that there are some systems that are NOT VULNERABLE
to this, by default. For everyone to be saying this affects winxp sp2
I think is an error.

addition:  i have now confirmed 2 other friends of mine say that it
throws up a warning saying it blocked a download and does not work on
their machines either.

--
Best regards,
sandalwood                            mailto:sandalwood at inMail24.com



----------
* Zoner PhotoStudio 8 - Your Photos perfect, shared, organised!
www.zoner.com/zps

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20060104/46e3d274/attachment.htm>

Current thread:

Metasploit Book?, (continued)
- - - Metasploit Book? Jason Mayer (Jan 05)
- wmf flaws...auto-restart the exploit? H D Moore (Jan 04)
- wmf never worked on my default winxp ever sandalwood (Jan 04)
  - wmf never worked on my default winxp ever H D Moore (Jan 04)
    - wmf never worked on my default winxp ever (DEP) sandalwood (Jan 04)
    - wmf never worked on my default winxp ever (DEP) Devin Ertel (Jan 04)
    - wmf never worked on my default winxp ever (DEP) H D Moore (Jan 04)
    - wmf never worked on my default winxp ever (DEP) sandalwood (Jan 04)
    - downexec and gzip/chunk sandalwood (Jan 06)
    - downexec and gzip/chunk H D Moore (Jan 06)
  - wmf never worked on my default winxp ever Josh Chaney (Jan 04)
  - wmf never worked on my default winxp ever H D Moore (Jan 04)