WINDOWS XP - AURORA - INTERNET EXPLORER 6
- Layout for this exercise:
- Internet Explorer 6 suffers from a memory corruption flaw that can be exploited from a fake web server. This is a client-side attack, where the victim connects to that web server with the Internet Explorer 6 browser. This attack can be performed against old operating systems like Windows XP whose browsers have not been updated.
- Metasploit provides the module ms10_002_aurora to take advantage of this vulnerability:
- Required options for this exploit:
- The SRVPORT can be the usual TCP 80:
- The SRVHOST corresponds to the local host or web server's IP:
- The URIPATH is the URL that the victim clicks to trigger the exploit. In this case, let's set it to /:
- The exploit is run and the web server starts on the attacker side, waiting for a client to connect:
- From the client side, the victim XP connects to the web server:
- Then, a meterpreter session (1) is opened:
- Interacting with session 1, post-exploitation can be carried out on the victim XP: