WINDOWS XP - AURORA - INTERNET EXPLORER 6
- Layout for this exercise:

- Internet Explorer 6 suffers from a memory corruption flaw that can be exploited. This is a client-side attack: the victim connects with the Internet Explorer 6 browser to a fake web server, which then triggers the flaw. The attack works against old operating systems such as Windows XP whose browsers have not been updated.

- Metasploit provides the module ms10_002_aurora to take advantage of this vulnerability:

- Required options for this exploit:

- The SRVPORT can be the usual TCP 80:

- The SRVHOST corresponds to the local host or web server's IP:

- The URIPATH is the URL the victim clicks to trigger the exploit. In this case, let's set it to /:

- The exploit is run and the web server starts on the attacker side, waiting for a client to connect:

- From the client side, the victim XP connects to the web server:

- Then, a meterpreter session (1) is opened:


- Interacting with session 1, post-exploitation can be carried out on the victim XP:
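
The precondition this exercise relies on, a client still browsing with Internet Explorer 6, is visible to defenders in web proxy or server logs. The following is an added example, not part of the original post: it inventories IE6 clients from logs in the common "combined" format. The log lines, IP addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.21 - - [12/Mar/2010:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.21 - - [12/Mar/2010:09:15:40 +0000] "GET /news HTTP/1.1" 200 734 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.34 - - [12/Mar/2010:09:16:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6"
10.0.0.57 - - [12/Mar/2010:09:17:45 +0000] "GET /a HTTP/1.1" 200 90 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727)"
10.0.0.88 - - [12/Mar/2010:09:19:30 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
malformed line that should be skipped
"""

# client, ident, user, [timestamp], "request", status, bytes, "referer", "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
MSIE_RE = re.compile(r"MSIE (\d+)\.\d+")
NT_RE = re.compile(r"Windows NT (\d+\.\d+)")


def is_ie6(ua):
    """True when the first MSIE token is 6.x and no Trident token is present."""
    m = MSIE_RE.search(ua)
    # IE 8 and later send a Trident/ token and can carry a stale embedded
    # "MSIE 6.0" string further along, so only the first MSIE token counts.
    return bool(m) and m.group(1) == "6" and "Trident/" not in ua


def find_ie6_clients(log_text):
    """Map client IP -> hit count, Windows NT version, first and last timestamp."""
    clients = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, ua = m.groups()
        if not is_ie6(ua):
            continue
        nt = NT_RE.search(ua)
        rec = clients.setdefault(
            ip, {"hits": 0, "nt": nt.group(1) if nt else None, "first": ts, "last": ts})
        rec["hits"] += 1
        rec["last"] = ts
    return clients


if __name__ == "__main__":
    for ip, rec in find_ie6_clients(SAMPLE_LOG).items():
        print(ip, rec)
```

The User-Agent header is supplied by the client, so the result is a list of hosts to check and update, not proof of what is installed on them.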
