Exploiting The New IE 0day (Aurora) With MetaSploit

January 17, 2010 – 6:58 PM

While I was updating my VMs today with the final version of BackTrack 4 I decided to jump in and take a look at the new IE 0day exploit that was added to MetaSploit a couple of days ago.  It works surprisingly well.  I had 100% success rate with IE6.  IE7 was really touchy but I could not get it to work with IE8 at all.  (has to do with DEP being enabled or not)

You need to use the new exploit for this bug:

Set your favorite payload:

Set your srvhost, lhost, and lport accordingly.  You can also customize the uripath if you want. (defaults to a random string)

When it’s all set just start the exploit and wait until the URL is launched on the victim machine.  If successful, you should get a session back and have full control:

Have fun.

  1. One Response to “Exploiting The New IE 0day (Aurora) With MetaSploit”

  2. The actual code:


    By manunkind on Jan 17, 2010

You must be logged in to post a comment.