Metasploit mailing list archives
Metasploit vs ANI
From: saad at docisland.org (Saad Kadhi)
Date: Mon, 2 Apr 2007 13:58:30 +0200
On Apr 2, 2007, at 10:58 AM, Nicolas RUFF wrote:
I've just been testing ANI/HTTP payload against XPSP2 and Vista, and the Web page seems somewhat "corrupted". As a result, IE displays ASCII characters without even crashing. I cannot even see the "anih" header. The page might be GZIP'ed even if default options are set to turn off all evasion techniques. What do you think ?
It looks like I have similar results with XPSP2 and IE7 with a Windows Update run as of today Apr 2, 12:00 PM CEST.
Filtered Wireshark transcript below (non-printable characters removed). ---------------------------------------------------------------------- ----------- GET /lol HTTP/1.1
[...] Here is mine: --- GET /patch.html/ oeJxHVBAW2QFNlxVVEc1ldTJhFhZVErJ3lIwQtkFep9ggF90zQyD.tar?ZRpysSDj=3 HTTP/1.1 Accept: */* Referer: http://10.1.1.13:8080/patch.html Accept-Language: en-us UA-CPU: x86 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) Host: 10.1.1.13:8080 Connection: Keep-Alive HTTP/1.1 200 OK Server: Apache Content-Type: application/octet-stream Content-Length: 54396 Connection: Keep-Alive <html><head><title>IIwfmtdniAyKevCF0ZECVHl0BZ3691SbwkQihsZQHyaiuNF2ONquH Lgxegjd</title></ head><body>zjOLdfLZLOCvJlIMkYspWM6Lrw32tY99mQmBfuSxkzhwrNDOzENXhNlvqN9ip PI2GwEruvXoIyqEIMFj<div style=' [...] --- Full transcript available on request. Regards, -- Saad Kadhi -- http://saad.docisland.org/ "True security is born from love alone" -- Antibalas
Current thread:
- Metasploit vs ANI H D Moore (Apr 02)
- Metasploit vs ANI Nicolas RUFF (Apr 02)
- Metasploit vs ANI Saad Kadhi (Apr 02)
- Metasploit vs ANI H D Moore (Apr 02)
- Metasploit vs ANI Nicolas RUFF (Apr 02)
- Metasploit vs ANI mmiller at hick.org (Apr 02)
- Metasploit vs ANI H D Moore (Apr 02)
- Metasploit vs ANI Giorgio Casali (Apr 03)
- Metasploit vs ANI Thomas Werth (Apr 03)
- Metasploit vs ANI mmiller at hick.org (Apr 03)
- Metasploit vs ANI Thomas Werth (Apr 03)
- Metasploit vs ANI mmiller at hick.org (Apr 03)
- Metasploit vs ANI Thomas Werth (Apr 03)
- Metasploit vs ANI Nicolas RUFF (Apr 02)