Home page logo

metasploit logo Metasploit mailing list archives

Re: PassiveX is dead?
From: HD Moore <hdm () metasploit com>
Date: Sun, 19 Jun 2011 12:51:20 -0500

On 6/19/2011 10:43 AM, Richard Miles wrote:

I tested passiveX against my Windows Vista and IE8 and it doesn't
work, I also tested against an Windows XP SP3 and IE7 and it also
failed, shell never returned.

In my opinion passiveX was one of the best payloads in metasploit. Is
it really broken? Any prevision to fix it?

Is it broken even in Metasploit Professional? There are better
payloads (more robust, hard to detect and better to find their way to
the internet on the Metasploit Professional)?

This payload has been broken off and on for years; the original version
only worked with IE6, Natron did a ton of work to make it work on IE7,
but we will probably not be bringing it into IE8/IE9 compatibility, in
favor of a different implementation altogether based on the
reverse_https stager.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]