mailing list archives
Re: PassiveX is dead?
From: HD Moore <hdm () metasploit com>
Date: Sun, 19 Jun 2011 12:51:20 -0500
On 6/19/2011 10:43 AM, Richard Miles wrote:
I tested passiveX against my Windows Vista and IE8 and it doesn't
work, I also tested against an Windows XP SP3 and IE7 and it also
failed, shell never returned.
In my opinion passiveX was one of the best payloads in metasploit. Is
it really broken? Any prevision to fix it?
Is it broken even in Metasploit Professional? There are better
payloads (more robust, hard to detect and better to find their way to
the internet on the Metasploit Professional)?
This payload has been broken off and on for years; the original version
only worked with IE6, Natron did a ton of work to make it work on IE7,
but we will probably not be bringing it into IE8/IE9 compatibility, in
favor of a different implementation altogether based on the