Saturday 17 September 2016

MS16-051 within Empire

PowerShell Empire has been a great asset for those who want to develop exploits in Python and merge them into exploit handlers other than MSF/ExploitPack.

So today's post is about an exploit that has been hot for the last couple of months, as I've read lots of posts about it.
It has also been used in some famous exploit kits; recently it was observed in the Neutrino exploit kit.

Yep, it's the 'MS16-051' exploit, also known as the 'Internet Explorer VBScript GodMode exploit'.

It's available in Empire too. You can download the stager from here

So let's start...... :D


[Installing EMPIRE And Adding New Stager]

Done with git clone


Let's add our stager 'ms16_051' to /Empire/lib/stager and run install.sh in /Empire/setup/install.sh.
Install apache2 if you don't have it; I hope everyone has it, as most testers use pentesting distros, so I'll leave that to you.


[Get Everything Ready]

Listener is all set 


Setting our stager up and getting our output HTML file :)


So everything is set up here :) now let's wait for our victim to click the link pointing to our apache :)

[Personally Observed]

As I searched the internet for IE6 tests of this exploit, I didn't find a single post related to it. So I gave this exploit a try in IE6 too :P LOL, it worked there too.