query on exploit/windows/browser/apple_quicktime_rtsp

[nkanaskar at hotmail.com (Nitin Kanaskar)]

k - i should open a browser on xp
which has the vulnerable quicktime plugin 
and invoke a URI which connects to the BT3 box.
On this box, the exploit job has started and 
listening for connections on port 4444.

Still I am not clear - how browser on my xp
box will connect to this job listening on BT3 box
4444 port by invoking a 'http://' URI?

sorry - my questions maybe naive for you, but
I am completely new to this.

Nitin

 

> Date: Mon, 9 Feb 2009 16:45:32 +1100
> Subject: Re: [framework] query on exploit/windows/browser/apple_quicktime_rtsp
> From: patrick at aushack.com
> To: nkanaskar at hotmail.com
> CC: framework at spool.metasploit.com
>
> Yep, it is a passive exploit. The job is started, waiting for a
> vulnerable client with a browser to connect with a vulnerable version
> of QuickTime installed.
>
> The job will send the trigger to the client as HTML/XML, then overflow
> QuickTime, and the payload will connect with a session.
>
> One note:
>
> SRVHOST should be the IP that the XP box will be connecting to (the
> BT3 instance).
> SRVPORT is the HTTP server port (usually 80)
>
> If you're using shell_bind_tcp, check LPORT which is the actual port
> the payload will listen on. This is 4444 by default.
>
> -Patrick

_________________________________________________________________
Windows Live?: E-mail. Chat. Share. Get more ways to connect. 
http://windowslive.com/howitworks?ocid=TXT_TAGLM_WL_t2_allup_howitworks_022009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090209/6612a3f0/attachment.htm>