Internet Explorer createTextRange() Code Execution

[hdm at metasploit.com (H D Moore)]

All of the browser exploits work the same way -- you run the exploit, the 
exploit creates a listening web server and a URL handler. To get code 
execution, you need to send vulnerable clients to your web server. How 
you do this depends on the situation, but the easiest way is to just 
email or instant message the link to the victims. 

-HD

On Tuesday 03 April 2007 09:56, Rory Garton Smith wrote:
> Greetings Mailing List
>
> Small hold up while running an exploit today. I was testing out
> "Internet Explorer createTextRange() Code Execution" (aka:
> windows/browser/ms06_013_createtextrange) on my Windows XP box in the
> other room. Using the windows/shell_reverse_tcp payload. I set up all
> of the information, and then launched the exploit, and this is what the
> terminal
>
> read:
> > > exploit
>
> [*] Started reverse handle
> [*] Using URL: http://10.1.1.5:49160/jC28sNY
> [*] Server started.
> [*] Exploit running as background job.
>
> msf exploit(ms06_013_createtextrange) >
>
> Is this what is supposed to occur? Because after this point, I waited
> for a great deal of time, just, nothing happened.
>  I'm probably missing some huge important step here, any help = greatly
> appreciated.
>
> Erez