[framework] Spam: InternetExplorer Payloads
Robin Kipp
robin.kipp at gmx.de
Mon Jul 30 17:09:33 CDT 2007
Hey all,
Just downloaded Metasploit and it really seems to be fun, I just
successfully nuked the ICS service in my network. Now I wanted to
exploit InternetExplorer 6 on my Windows XP Sp2 laptop. Some of the
exploits displayed some strange signs in the browser window, and some
even closed the InternetExplorer with an error message. However, I
wasn't able to control my laptop from a command shell on my comp. Here's
exactly what happens:
For example, let's select the Internet Explorer createTextRange() Code
Execution on the web console. As the target, I select Internet Explorer
6 - (6.0.3790.0 - Windows XP SP2).
Then, I select generic/shell_bind_tcp on the next screen to get a
console when someone connected to my server.
SRVHOST is my intranet IP, SRVPORT is 8080, URIPATH is "exp" and LPORT
is 4444.
Now when I click on "Launch Exploit", The following lines appear:
# # ###### ##### ## #### ##### # #### # #####
## ## # # # # # # # # # # # #
# ## # ##### # # # #### # # # # # # #
# # # # ###### # ##### # # # # #
# # # # # # # # # # # # # #
# # ###### # # # #### # ###### #### # #
=[ msf v3.0
+ -- --=[ 191 exploits - 106 payloads
+ -- --=[ 17 encoders - 5 nops
=[ 36 aux
[*] Using URL: http://192.168.1.111:8080/exp
[*] Server started.
[*] Exploit running as background job.
Now let's open the URL http://192.168.1.111:8080/exp from the laptop. A
% sign appears in the browser window and the line
[*] Started bind handler
Appears in the web console. However, when I go to "sessions", I don't
see anything helpful, just the message that there are no sessions. Is
there anything I can do so I can exploit my own InternetExplorer? :-)
Thanks!
Robin
More information about the framework
mailing list