"Never let school get in the way of learning."
-- Mark Twain
** This should not be used in any illicit manner**
** This is a proof of concept, and we cannot be **
** held liable for the misuse or alterations of **
** this code. **
** this exploit will download a file hosted on **
** the same domain and execute it locally on the**
** affected computer system **
MS06-014 - RDS DataStore
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
This exploit allows us to open up a valid Adodb Stream object and write
the contents of an AJAX request to any location on the affected system.
Furthermore, we are then able to execute our newly written script with the
privileges of the current user.
Our malicious contents from the XMLHTTP Request are written locally to the
Temp location with the CreateOverwrite flag set using the method "savetofile"
Usage: ./bl4ck_ms06_014.py /location/to/stage2.exe index.html
(the file we want to execute must be hosted on the same site as the malicious html)
Download Now!