Wednesday, June 8, 2016

METASPLOIT - Windows XP - Aurora - Internet Explorer 6


- Layout for this exercise:

- Internet Explorer 6 suffers from an exploitable memory corruption flaw. This is a client-side attack: the victim connects with the Internet Explorer 6 browser to a fake web server, which triggers the flaw. The attack can be performed against old operating systems like Windows XP running browsers that have not been updated.

- Metasploit provides the module ms10_002_aurora to take advantage of this vulnerability:


- Required options for this exploit:

- The SRVPORT can be the usual TCP 80:

- The SRVHOST corresponds to the local host or web server's IP: 

- The URIPATH is the URL path that the victim requests to trigger the exploit. In this case, let's set it to /:

- The exploit is run and the web server starts on the attacker side, waiting for a client to connect:

- From the client side, the victim XP machine connects to the web server:

- Then, a meterpreter session (1) is opened:

- Interacting with session 1, post-exploitation can be carried out on the victim XP machine: