[burlyscudd]

He's running a web server process w/ Metasploit, configured to serve/run the exploit module. Then he issues a GET request to the server w/ the affected browser and gets a session in Metasploit (framework). The screenshots are basically proof showing that the session (connection to compromised machine w/ high-level/root access) has been created.

[xtdx]

It's not root access. It's access as whatever user was running the browser.

[burlyscudd]

Yeah fair point that this exploit gives privs @ the level of the browser's current user. In that parenthetical, I was basically trying to explain what "session" means in Metasploit parlance in general.

[Ntrails]

Ignoring that most users run their main windows login as administrator, if we pretend it's just a guest account, how much of an impediment would that to them disrupting any anti-virus and installing a some malware?

[xtdx]

Are you asking if anybody has a 0day windows kernel exploit? Or if lots of users are going to click okie dokie when the uac prompt comes up?

I'd say yes and yes.

[greedo]

Google hashdump...

[xtdx]

Is your point that local user access is valuable? Was that ever in doubt?

[burlyscudd]

Nope