Client side attacks - reverse connection through HTTP proxy

[naplanetu at gmail.com (Taras P. Ivashchenko)]

On Mon, 22 Dec 2008 16:50:09 -0500
ArcSighter Elite <arcsighter at gmail.com> wrote:

At this moment IE6 is the most popular on win corporate desktops as I think and it's only one capability in Metasploit 
to by pass 
target's firewall through HTTP proxy using IE proxy settings.
By the way it will interesting to try it :)

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Taras P. Ivashchenko wrote:
> > ArcSighter Elite, thanks!
> > I will try it.
> >
> > > If PassiveX stager would work on IE7/8 that would be awesome. It's all
> > > you need. It's basically IE connecting. And only uses POST/GET.
>
> Hey, hey! I just said that if it would work in IE7/8. Currently, it only
> works against IE6 as far as I know.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJUAszH+KgkfcIQ8cRAoqVAKDHSu69MroNHuN6/WkNAYryeZu7vgCgpLdx
> /WaiO4BF/4DcZXhq4PMGWDs=
> =uOmM
> -----END PGP SIGNATURE-----


-- 
????? ???????? (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20081223/1a55895e/attachment.pgp>