I was toying around with metasploit's Browser autopwn and was baffled on how weak IE 8 was, I already am a steady firefox user (however, it did fall in my test as well but not as easy as IE)
This IE is fully patched/updated as well is the java install on the pc
system is a windows 7 x64 ultimate. I must admit that I needed to disable MS Security Essenstials, since it picked up the exploits right away and blocked them. But nevertheless I don't need to tell you how many pc's aren't patched/secured at all.
Another interesting conclusion is that Trend Micro's Officescan 10.5 did not even react at all... Sure it picked up the infected .jar file etc, but that was after the Meterpreter session was built and it did not see the session, nor react to the meterpreter payload being dropped and come on, this is antique, not postmodern exploiting... ftw.
check it here:
Want to know more about Meterpreter?
Want to play with the Metasploit Framework yourself? Get it here
There is a Windows version too, but I don't recommend it since your av will remove half of the software unless you exclude it from the scans...
No comments:
Post a Comment