[framework] Problems getting IE exploits to run
H D Moore
hdm at metasploit.com
Fri Jun 16 00:01:15 CDT 2006
On Thursday 15 June 2006 23:53, Wang, Kathy wrote:
> - Using ie_createtextrange exploit in Metasploit framework with
> win32_exec payload and default options (HTTPPORT is 8080, EXITFUNC is
> seh) and CMD is set to "echo foo > c:\test.txt"
Try setting CMD to "cmd.exe /c echo foo > C:\\test.txt"
> - Same as above, except now I'm using ie_iscomponentinstalled exploit
Windows XP 2002 already contains a patch for this bug IIRC.
> - Windows XP Professional version 2002 SP2 with IE 6.0.2900.2180
> browser - Using ie_createtextrange exploit with win32_exec payload, and
> default options, and same CMD option as above cases
Try the change to the CMD parameter listed above. If that fails, try using
a different payload, such as win32_bind, win32_reverse, or the VNC
injection/Meterpreter payloads. Please report any success/failure
differences off-list.
> Is there something obvious that I'm doing wrong here? I thought for
> example, that ie_createtextrange worked on Windows XP SP2, but that was
> one of my test cases, and it didn't work in my case.
It sounds like its just a payload issue. The problem is that Windows
doesn't have a command called "echo", only one called "cmd" that parses
"echo" as an internal command.
Good luck!
-HD
More information about the framework
mailing list