Metasploit mailing list archives
unable to reproduce WMF exploit
From: mwood at icts.uct.ac.za (Michael Wood)
Date: Thu, 12 Jan 2006 10:03:35 +0200
Hi

On Tue, Jan 10, 2006 at 01:02:20PM +0100, /dev/null wrote:
> Sorry, for off-topic... Seems that everybody was able to reproduce the WMF exploit except me :)

I had a similar problem on a Windows 2003 terminal server.

> Here are the steps I performed:
> - use ie_xp_pfv_metafile
> - set PAYLOAD win32_exec
> - set CMD cmd.exe
> - exploit

I tried win32_exec with notepad.exe and a couple of other things. That didn't seem to do anything, but later I noticed some notepad.exe processes running that were just not displaying. See if you have some cmd.exe processes running in the background. I also tried the win32_reverse payload which worked very well. The win32_reverse_vncinject and win32_reverse_stg_upexec payloads appeared to do nothing, though.

[snip]

> The most amazing thing: when I try calc.bmp generated by Mr. Moore it works like a cham...

[snip]

Same here. Is there anything special that needs to be done to get the win32_exec payload to actually display the process it is running? :)

--
Michael Wood <mwood at icts.uct.ac.za>