Home page logo

metasploit logo Metasploit mailing list archives

Re: PassiveX is dead?
From: HD Moore <hdm () metasploit com>
Date: Sun, 26 Jun 2011 14:07:48 -0500

On 6/26/2011 1:43 PM, Richard Miles wrote:
Hi HD Moore,

I see. But reverse_https is not able to reuse the same connection from
IE, right? Sor for example, if the IE browser uses a proxy and the
proxy require authentication (integrated on the DC) it will fail,

The first stage of reverse_https uses the same information that IE does
to make the connection (through the use of WinInet). The second stage
does not and this is where work needs to be done.

Do you mean just proxy configuration (host and port), right? I mean,
if they required NTLM authentication the first stage will fail, right?

The first stage uses WinInet with the PRECONFIG option, which also
includes authentication.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]