Metasploit mailing list archives
ms11xxx_ie_css
From: Miguel Rios <miguelrios35 () yahoo com>
Date: Sat, 25 Dec 2010 12:01:53 -0800 (PST)
Hi everyone and Merry Xmas, I've been messing about with the new ms11xxx_ie_css exploit and I have a few questions maybe someone here can help with. (by the way thanks jduck for such a quick job) The exploit works fairly reliably for me but unfortunately it's detected already by avira and NOD. So I decided to save the html files produced by the module to see if I could find out what part of the javascript was triggering the AVs. Anyway, I see that when I just open the html file locally the exploit fails. I presume this is because there is an URI to a dll and it's referenced locally. Is this correct? If so, where does the created dll get stored so I can reference it correctly? I wish we had jsidle already incorporated into metasploit (I recall he posted a few patches for some modules, including ie_peers I believe). It's getting tougher and tougher to bypass AVs on client sides.
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- ms11xxx_ie_css Miguel Rios (Dec 25)
- Re: ms11xxx_ie_css Miguel Rios (Dec 26)
- <Possible follow-ups>
- Fw: RE: ms11xxx_ie_css Miguel Rios (Dec 27)
- Re: ms11xxx_ie_css Miguel Rios (Dec 31)
- Re: ms11xxx_ie_css Chris (Dec 31)
- Re: ms11xxx_ie_css Joshua J. Drake (Dec 31)
- Re: ms11xxx_ie_css Miguel Rios (Dec 31)