Internet Explorer 6 Hacking

Recently I wanted to test a client-side attack against the IE6 browser to see how vulnerable it was. So, I set up a WIndows XP box, fully patched to SP3, but being sure not to upgrade the browser at all from IE6.

Then I went through the Social Engineering Toollkit (SET) browser exploits trying to pwn my host, browsing to each exploit in the toolkit.

I thought that I'd easily pwn IE6, since it is so old, but I was surprised that out of the 21 exploits in the SET menu, only ONE worked! That exploit was "ie_unsafe_scripting", and even that exploit popped up an alert on the victim box stating "An ActiveX control might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" If the user clicks yes (or if they have "Initialize and script ActiveX controls not marked to safe" marked as "Enable"), they are pwned.

So the lesson learned for me is that the browser exploits in Metasploit, even against an ancient and vulnerable browser like IE6, need other features aside from the default installation (like .Net 2.0, Adobe Flash, Java, etc). A default, bare-bones IE6 is actually tougher to pwn than I thought.

Comments

2025 Tap And Map

Tap And Map is back with new and improved installation instructions! Here is an old video showing what TapAndMap is, for those who may not know: https://www.youtube.com/watch?v=gRfQzBjrhEE you'll notice that it's been a while since I've touched Tap And Map. Because it's been so long since I built this, the old installation instructions would NEVER work to build it today (Feb 2025). Plus, there was a Google Maps API bug that has troubled me all this time, as Google Maps would decide not to reload the page and I'd have to clear my history (lame). Because my old code was built as an all-in-one method, so packets were sniffed, looked up, displayed, and logged, all in one large monolithic module, there was no easy means to troubleshoot. So I've now decided to Sniff packets, lookup their IP information, and store the data in one script, and read that file, parse and publish html files in a separate module. That allowed me to b...

HP c6180 Printer and Vista

Hp c6180 driver issues with Vista Home Premium My wife has a Vista Home Premium laptop, and the HP C6180 Photosmart printer keeps disappearing from her available printers. The only way I've found to fix the problem is to reinstall all the HP software. When I do this, I have to download the (large..507M software from HP, or reinstall the printer (ONLY the printer, not the scanner) with the installation disk, as the drivers are not discovered with a "Windows Update" setting. My guess is that is because HP doesn't like people to install only the printer driver, which would be easy, but they want folks to install all their crapware as well, so they are withholding the drivers from the on-line Microsoft printer database. So keep your installation CD! I've also found that unless I install everything on the CD or in the Full Version download (HP Customer Participation Program, HP Imaging Device functions, HP OCR SW, HP All-In-one SW, HP Photosm...

atftpd vs tftpd-hpa

Recently I was trying to tftp files from a Windows computer to a Kali box. One version of Windows worked, but another didn't. After much troubleshooting, here were my symptoms: I could tftp a file from-to any Kali box from-to another Kali box I could NOT tftp files to a specific Windows 7 box from any Kali box I could NOT tftp files to a Chrooted-Ubuntu-Chromebook box from a Kali box After MUCH troubleshooting, going through every setting in atftpd, it seemed like it literally was a client OS problem. Different clients simply would not download files---unacceptable. Thus, I switched to tftpd-hpa. To install: apt-get install tftpd-hpa files go to/come from /srv/tftp, but it needs to be a tftp user. Thus, I needed to: chroot -R /srv/tftp Also, if you want to be able to put files ON the tftp server (from a client), you need to modify /etc/default/tftpd-hpa: change "TFTP_OPTIONS="--secure" to "TFTP_OPTIONS="--secure --create" ...

WUWA

Search This Blog