Metasploit mailing list archives

Previous By Date Next
Previous By Thread Next

setslice exploit for meta3 but not meta2.6?

From: hdm at metasploit.com (H D Moore)
Date: Sun, 1 Oct 2006 11:50:43 -0500
On Sunday 01 October 2006 07:07, sandalwood wrote:

any chance someone can port the recent msie exploit to 2.6?


I will upload my version soon.


? correct me if i am wrong, but the meta3 version is missing
? 1. chunked encoding
? 2. gzip encoding


msf exploit(webview_setslice) > show evasion
[..]
   Name           : HTTP::chunked
   Current Setting: false
   Description    : Enable chunking of HTTP responses via
      "Transfer-Encoding: chunked"

   Name           : HTTP::compression
   Current Setting: none
   Description    : Enable compression of HTTP responses via content
      encoding (accepted: none, gzip, deflate)
[..]


? 3. download+exec payload


I just added it, svn update|MSFUpdate to get it.

$ msfpayload windows/download_exec S

       Name: Windows Executable Download and Execute
    Version: $Revision: 3534 $
   Platform: Windows
       Arch: x86
Needs Admin: No
 Total size: 340

Provided by:

Available options:
Name  Current Setting  Required  Description
----  ---------------  --------  -----------
URL                    yes       The pre-encoded URL to the executable

Description:
    Download an EXE from a HTTP URL and execute it

-HD
Previous By Date Next
Previous By Thread Next

Current thread: