Metasploit mailing list archives
query on exploit/windows/browser/apple_quicktime_rtsp
From: nkanaskar at hotmail.com (Nitin Kanaskar)
Date: Mon, 9 Feb 2009 07:06:56 -0600
Ok - I should open a browser on XP which has the vulnerable QuickTime plugin and invoke a URI which connects to the BT3 box. On this box, the exploit job has started and is listening for connections on port 4444.

Still I am not clear - how will the browser on my XP box connect to this job listening on the BT3 box's port 4444 by invoking a 'http://' URI?

Sorry - my questions may be naive for you, but I am completely new to this.

Nitin

Date: Mon, 9 Feb 2009 16:45:32 +1100
Subject: Re: [framework] query on exploit/windows/browser/apple_quicktime_rtsp
From: patrick at aushack.com
To: nkanaskar at hotmail.com
CC: framework at spool.metasploit.com

Yep, it is a passive exploit. The job is started, waiting for a vulnerable client with a browser to connect with a vulnerable version of QuickTime installed. The job will send the trigger to the client as HTML/XML, then overflow QuickTime, and the payload will connect with a session.

One note: SRVHOST should be the IP that the XP box will be connecting to (the BT3 instance). SRVPORT is the HTTP server port (usually 80).

If you're using shell_bind_tcp, check LPORT which is the actual port the payload will listen on. This is 4444 by default.

-Patrick
Current thread:
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp webDEViL (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- Message not available
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp H D Moore (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp MC (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp webDEViL (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Donnie Werner (Feb 09)