Arp poisoning the WMF exploit
Saturday 14 January 2006 by Sleepless

A little video to give you an idea of some of the capabilities of the new mpentoo-beta.

This video uses the 184mb mpentoo-beta to run msfweb, ettercap, and some filters to exploit the wmf bug. Injecting the reverse_meterpreter payload allows for grabbing admin hashes easy, and www.plain-text.info was used to crack the hash.
Provided format are MP4, WMV and DivX.

Let us know what you think on email or irc.