Re: PassiveX is dead?

[Richard Miles <richard.k.miles () googlemail com>]

Hey HD Moore

I see. But reverse_https is not able to reuse the same connection from
IE, right? Sor for example, if the IE browser uses a proxy and the
proxy require authentication (integrated on the DC) it will fail,
right?

Thanks

On Sun, Jun 19, 2011 at 12:51 PM, HD Moore <hdm () metasploit com> wrote:
> On 6/19/2011 10:43 AM, Richard Miles wrote:
> > Hi
> >
> > I tested passiveX against my Windows Vista and IE8 and it doesn't
> > work, I also tested against an Windows XP SP3 and IE7 and it also
> > failed, shell never returned.
> >
> > In my opinion passiveX was one of the best payloads in metasploit. Is
> > it really broken? Any prevision to fix it?
> >
> > Is it broken even in Metasploit Professional? There are better
> > payloads (more robust, hard to detect and better to find their way to
> > the internet on the Metasploit Professional)?
>
> This payload has been broken off and on for years; the original version
> only worked with IE6, Natron did a ton of work to make it work on IE7,
> but we will probably not be bringing it into IE8/IE9 compatibility, in
> favor of a different implementation altogether based on the
> reverse_https stager.
>
> -HD
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework