Metasploit-framework: exploit/windows/browser/ms16_051_vbscript - automation variable bl.A issue

Created on 11 Oct 2017  路  7Comments  路  Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

  1. launch exploit in metasploit: $use exploit/windows/browser/ms16_051_vbscript
  2. with the victim computer with IE 11 installed, browse the target URL
  3. Metasploit shows "Sending main page" in the console
  4. Nothing happens on the client side: with the vbscript console (through the inspector) an error pops 'Cette variable utilise un type Automation non g茅r茅 par VBScript: 'bl.A'

This section should also tell us any relevant information about the
environment; for example, if an exploit that used to work is failing,
tell us the victim operating system and service versions.

Expected behavior

launch cmd

Current behavior

nothing on client side

Target System

IE 11.0.9600.18015
Windows 7 (6.1.7601)

Metasploit version

4.15.0

I installed Metasploit with:

Community installer (from http://www.rapid7.com/products/metasploit/download.jsp)

OS

ubuntu

bug
Source
picture davikayel

All 7 comments

It would be helpful to know what exploit you're attempting to use. Some details from the Internet Explorer version you're targeting would probably be nice as well, but I can't say what particular DLL's we'd need information from without first knowing which exploit module you're using.

wwebb-r7 picture wwebb-r7 on 11 Oct 2017

Thanks for updating. I'll have a look at it later

wwebb-r7 picture wwebb-r7 on 11 Oct 2017
😄1

I probably won't have a chance to focus on this until the weekend or next week. In the meantime, what operating system is the target running on?

There was a cumulative update earlier this year which added functionality to disable features of the VBScript language and/or the entire language itself. I'm still not positive on exactly what - I am no expert on VBScript (nor do I aspire to ever be such .... ever).

I'd guess at this time that you might be running the exploit against a target that has the vuln patched, in addition to possibly having the previously mentioned update, which results in this weird error versus the exploit just not doing anything at all. If that's not it, I'll just have to investigate.

wwebb-r7 picture wwebb-r7 on 13 Oct 2017

I updated the OS version.
I am almost sure IE was not patched (last applied KB from 2015!)
Regarding the OS patch, i can check. Do you know which KB is related to this very fix? I was almost sure the system was vulnerable before trying (based on the KB date), but I can of course check again.
Thanks for your help anyway!

davikayel picture davikayel on 13 Oct 2017

I wondered if the Antivirus could be the cause of the crash. So I tried on a new workstation with no antivirus at all, and it appears that I obtained the same result with the automation error related to the bl.A variable... Did you have any chance to have a look to the issue?

davikayel picture davikayel on 17 Oct 2017

Hello,
Did you have any chance to have a look at the issue?
Thanks a lot!

davikayel picture davikayel on 2 Nov 2017

Sorry, I've been on vacation for awhile and have been playing catch up this week. I probably should have mentioned that. I haven't had a chance to look at anything yet.

As far as the the cause, I wouldn't think AV would have anything to do with it. I'm still inclined to say its the major VBScript changes, as that error only makes sense in that context. We'll see though.

wwebb-r7 picture wwebb-r7 on 3 Nov 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Jab2870 picture Jab2870  路  26Comments
busterb picture busterb  路  30Comments
Rogdham picture Rogdham  路  47Comments
digininja picture digininja  路  26Comments
monomaki2035 picture monomaki2035  路  31Comments