[framework] Metasploit vs ANI
Saad Kadhi
saad at docisland.org
Mon Apr 2 06:58:30 CDT 2007
On Apr 2, 2007, at 10:58 AM, Nicolas RUFF wrote:
> I've just been testing ANI/HTTP payload against XPSP2 and Vista, and the
> Web page seems somewhat "corrupted". As a result, IE displays ASCII
> characters without even crashing.
>
> I cannot even see the "anih" header. The page might be GZIP'ed even if
> default options are set to turn off all evasion techniques. What do you
> think?
It looks like I have similar results with XPSP2 and IE7 with a
Windows Update run as of today Apr 2, 12:00 PM CEST.
> Filtered Wireshark transcript below (non-printable characters removed).
>
> ---------------------------------------------------------------------------------
> GET /lol HTTP/1.1
[...]
Here is mine:
---
GET /patch.html/oeJxHVBAW2QFNlxVVEc1ldTJhFhZVErJ3lIwQtkFep9ggF90zQyD.tar?ZRpysSDj=3 HTTP/1.1
Accept: */*
Referer: http://10.1.1.13:8080/patch.html
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: 10.1.1.13:8080
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Content-Type: application/octet-stream
Content-Length: 54396
Connection: Keep-Alive
<html><head><title>IIwfmtdniAyKevCF0ZECVHl0BZ3691SbwkQihsZQHyaiuNF2ONquH
Lgxegjd</title></
head><body>zjOLdfLZLOCvJlIMkYspWM6Lrw32tY99mQmBfuSxkzhwrNDOzENXhNlvqN9ip
PI2GwEruvXoIyqEIMFj<div style='
[...]
---
Full transcript available on request.
Regards,
--
Saad Kadhi -- http://saad.docisland.org/
"True security is born from love alone" -- Antibalas