Home page logo

metasploit logo Metasploit mailing list archives

Re: PassiveX is dead?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Mon, 20 Jun 2011 10:00:13 -0500

Hey HD Moore

I see. But reverse_https is not able to reuse the same connection from
IE, right? Sor for example, if the IE browser uses a proxy and the
proxy require authentication (integrated on the DC) it will fail,


On Sun, Jun 19, 2011 at 12:51 PM, HD Moore <hdm () metasploit com> wrote:
On 6/19/2011 10:43 AM, Richard Miles wrote:

I tested passiveX against my Windows Vista and IE8 and it doesn't
work, I also tested against an Windows XP SP3 and IE7 and it also
failed, shell never returned.

In my opinion passiveX was one of the best payloads in metasploit. Is
it really broken? Any prevision to fix it?

Is it broken even in Metasploit Professional? There are better
payloads (more robust, hard to detect and better to find their way to
the internet on the Metasploit Professional)?

This payload has been broken off and on for years; the original version
only worked with IE6, Natron did a ton of work to make it work on IE7,
but we will probably not be bringing it into IE8/IE9 compatibility, in
favor of a different implementation altogether based on the
reverse_https stager.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]