• 26,769
  • +1,026
  • 3,010
Internet Explorer 6,7,8 Zero Day Exploit November 2010 CVE-2010-3962(NetCat)

Internet Explorer 6,7,8 Zero Day Exploit November 2010 CVE-2010-3962(NetCat)

Bookmark

Type : Tutorial

Level : Easy

This tutorial is the same with IE 6,7,8 Exploit using Metasploit, but I try to make it more simple for you.

Requirement :

1. Arbitrary Code(Don't open it with Internet Explorer, but use text editor to modify)

FAKEOBJ = alloc(233120, FAKEOBJ); // IE6 mshtml.dll Version 6.0.2900.5512

//FAKEOBJ = alloc(241748, FAKEOBJ); // IE6 mshtml.dll Version 6.00.2900.6036
//FAKEOBJ = alloc(733120, FAKEOBJ); // IE7 mshtml.dll Version 7.00.6000.17080
//FAKEOBJ = alloc(433120, FAKEOBJ); // IE8 mshtml.dll Version 8.00.6001.18939
//FAKEOBJ = alloc(1294464, FAKEOBJ); // IE8 mshtml.dll Version 8.00.6001.18975

//FAKEOBJ = alloc(1550371, FAKEOBJ); // oy oy oy huge spray!

Uncomment which IE version you want to exploit. In this case I'm using IE6 in Win XP SP3.

Download Source Code

Mediafire.com

2. NetCat (Windows/Linux)

Step By Step :

My IP Address : 192.168.1.8 (attacker)

Victim IP Address : 192.168.1.3(Windows Xp SP3-IE6)

1. Create your own web server(For Windows user, you can use XAMPP). and copy the index.html in your htdocs/exploit/ folder. (You can view the tutorials here in option 1 and 2)

2. Open your NetCat, an do this command nc -nv 192.168.1.3 4444. We will try to connect using port 4444 because the arbitrary code will open port 4444 in remote computer.

NetCat to Port 4444 nothing happened

If we execute the NetCat and user still not open the arbitrary code, there's nothing happened.

3. Send the URL to your victim (http://192.168.1.8/exploit/index.html) where index.html is your arbitrary code.

Victim opened the link

4. After the user open the URL, run once again your NetCat with nc -nv 192.168.1.3 4444 and see what's happen ๐Ÿ™‚ You've already inside the victim computer.

PWNED

DONE.

I hope this post is useful for you. If have any questions, just drop down your comment here.

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com