Home page logo
/

metasploit logo Metasploit mailing list archives

ie_unsafe_scripting
From: spinbad <spinbad.security () googlemail com>
Date: Fri, 23 Oct 2009 21:31:06 +0200

Hi

Attached you find a exploit module which can be used if a administrator
set the IE security zone setting "Initialize and script ActiveX controls not
marked as safe"
to "enable".

The default setting is "disabled", but I had two cases where it was enabled
for
the intranet zone in a large network, making it a perfect attack vector for
internal
pentests.

Hope you like it. Would be cool if someone buts it into the SVN.

spinbad

Attachment: ie_unsafe_scripting.rb
Description:

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]