Metasploit mailing list archives
Re: PassiveX is dead?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sun, 26 Jun 2011 14:53:01 -0500
Very interesting. I'm excited to see the second stage using the same resources (such as proxy address, port and authentication). Thanks and keep the good work. On Sun, Jun 26, 2011 at 2:07 PM, HD Moore <hdm () metasploit com> wrote:
On 6/26/2011 1:43 PM, Richard Miles wrote:Hi HD Moore,I see. But reverse_https is not able to reuse the same connection from IE, right? Sor for example, if the IE browser uses a proxy and the proxy require authentication (integrated on the DC) it will fail, right?The first stage of reverse_https uses the same information that IE does to make the connection (through the use of WinInet). The second stage does not and this is where work needs to be done.Do you mean just proxy configuration (host and port), right? I mean, if they required NTLM authentication the first stage will fail, right?The first stage uses WinInet with the PRECONFIG option, which also includes authentication. -HD
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- PassiveX is dead? Richard Miles (Jun 19)
- Re: PassiveX is dead? HD Moore (Jun 19)
- Re: PassiveX is dead? Richard Miles (Jun 20)
- Re: PassiveX is dead? HD Moore (Jun 20)
- Re: PassiveX is dead? Richard Miles (Jun 26)
- Re: PassiveX is dead? HD Moore (Jun 26)
- Re: PassiveX is dead? Richard Miles (Jun 26)
- Re: PassiveX is dead? Richard Miles (Jun 20)
- Re: PassiveX is dead? HD Moore (Jun 19)
- Re: PassiveX is dead? Sherif El-Deeb (Jun 20)
- Re: PassiveX is dead? Richard Miles (Jun 26)