Results 1 to 3 of 3

Thread: Exploit help.

  1. #1
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Exploit help.

    Hi guys, I was looking arround in the exploit database and I found a pretty nice one called "IE wshom.ocx (Run) ActiveX Remote Code Execution (add admin user)" so I decided to test it on my VirtualBox (who has Windows XP sp2, no update, no protection) so I tried spoofing my VirtualBox's IP to my apache server with a site that contained the exploit, ActiveX box pops up, I click on run but when I check "net user" in cmd I only see Administrator user.
    I've tried to only add a user without Administrator privileges, just a normal one, didn't work.
    Can anyone please help me :-?

  2. #2
    Member muminrz's Avatar
    Join Date
    Jan 2010
    Posts
    64

    Default Re: Exploit help.

    What is the point adding a user without administrator privileges

  3. #3
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Exploit help.

    Quote Originally Posted by muminrz View Post
    What is the point adding a user without administrator privileges
    I tought that windows didn't allow administrators to be added like that, so I figured I should try to add a normal user just to see if it works. It didn't, I tested the exact command as in the exploit code and if I type that in cmd it works, so I just don't get it ...

Similar Threads

  1. Exploit-db quick navigation tutorial
    By Lincoln in forum BackTrack Howtos
    Replies: 2
    Last Post: 03-17-2011, 01:46 PM
  2. B4$ final using metasploit 3.3.4-dev to exploit IE6
    By bostonlink in forum BackTrack Videos
    Replies: 0
    Last Post: 01-24-2010, 06:14 AM
  3. Replies: 1
    Last Post: 01-21-2010, 07:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •