2

The target machine is Windows-7 and the target application is IE8. I am using exploits such as ms12-063 and ms13-038, for which 'IE8, W7 target' is compatible.

But every time I connect to the server created by Metasploit using any of the above exploits, IE-8 just crashes, showing the typical dialog box 'Internet Explorer has stopped working ...'. The Meterpreter session never starts. IE-8 crashes while loading the HTML files from the server. The payload I am using is windows/meterpreter/reverse_tcp. What could be the problem?

I don't know if this is necessary: both systems, the target (W7) and the attacker (Linux Mint), are guest systems. The host machine is Windows-8. I am using VirtualBox to run host systems.

Please help. Thank you.

gmaster

1 Answer

0

I replicated the same scenario you've provided. I see the browser does indeed crash using these exploits and various IE exploits. It seems that afterwards we are given a crash error. My URL is then automatically set to

res://ieframe.dll/acr_depnx_error.htm#,http://192.168.10.109:8080/3Oelpwl0prn

It would seem that the exploit we're using is not bypassing DEP.

If you want to generate your own shellcode that will fit (~342 bytes) and replace it, the following exploit might work for you.

http://www.exploit-db.com/exploits/35273/

  • Thanks. I already (before posting the question) turned off the DEP thing. So the warning 'IE has closed this webpage to help protect your computer' is no longer there, but IE-8 still crashes. And I can't open the link you provided; my college ISP has blocked hacking websites. ;) – gmaster Jan 30 '15 at 07:24
  • You don't happen to be an OSCP pursuant are you? – dj_jazzy_jeff Jan 30 '15 at 07:41
  • NO! I don't even know what that is! I am doing a bachelor's in computer science. I need the above thing for my project. – gmaster Jan 30 '15 at 10:17
  • I switched to Windows-XP. It doesn't crash anymore, but the Meterpreter session never starts. I don't know why. Plus, I didn't download any patch for IE-8. Do you have any idea what could be blocking the Meterpreter session? There's no AV. The firewall is switched off. What could be the problem? – gmaster Feb 04 '15 at 17:01