I tried to exploit my Windows XP SP3 machine with the MS09_002_memory_corruption exploit with BackTrack 4,
and when the target tried to open the browser (IE6, not IE7) I got this at the Metasploit shell:
Sending Internet Explorer 7 Uninitialized Memory Corruption Vulnerability to 192.168.1.2:1074 ...
Is that because I'm using IE6, not IE7? I thought I could use this exploit on both of them!
And one more thing: what exploit was I talking about in this video:
That guy demonstrated a way to force the victim to go to his exploit server that he made with Metasploit,
and I tried this since it's an awesome way to not send the victim any link or anything to your server.
I tried to do this with ettercap. I edited etter.dns and
added the A record as follows:
* A 192.168.1.4
and then used the exploit in Metasploit.
The problem is that when I used this exploit, if I didn't configure the "URIPATH" option, it takes a random path that I have to send to the victim,
so the new path will be, for example, http://192.168.1.4/gegwsgf
and ettercap will redirect the traffic to 192.168.1.4 only, without /gegwsgf.
When I tried it, the victim was spoofed successfully to my IP 192.168.1.4, but no connection was established at Metasploit :S Why?
That guy in the video didn't type URIPATH and didn't get a random path like I did, only 192.168.1.4 without the 192.168.1.4:80/fedfwgvsw