Results 1 to 2 of 2

Thread: Winamp 5.12 Exploit (Metasploit)

  1. #1
    Junior Member imported_soultaker666's Avatar
    Join Date
    Aug 2006
    Posts
    73

    Default Winamp 5.12 Exploit (Metasploit)

    Ok here it is. I am testing the Winamp 5.12 exploit using the MSFWEB interface and this i what happens.. I first go to the Exploit tab and choose the "Winamp Playlist UNC Path Computer Name Overflow" exploit. I then choose the "Winamp 5.12 Universal" target. I then choose the "generic/shell_reverse_tcp" payload as to connect back to the target via command shell. I then put in the settings for the exploit as follows: SRVHOST: 10.10.10.x SRVPORT : 8080
    LHOST: 127.0.0.1 LPORT: 4444 (Where the SRVHOST is my local IP of BT). I then launch the exploit

    =[ msf v3.1-dev + -- --=[ 214 exploits - 107 payloads + -- --=[ 17 encoders - 5 nops =[ 39 aux[*] Started reverse handler[*] Using URL: http://10.10.10.x:8080/lB7fLGX8qzRL[*] Server started.[*] Exploit running as background job.
    msf exploit(winamp_playlist_unc) >


    I then email the URL to my target machine. I go to my target machine and click on the link via email. It takes me to a page and the pop up blocker goes off. I then right-click and say download file (Winamp is setup to automatically associate any play lists with itself) the play list then loads into my Winamp player and I can see it streaming through. It then locks up and does nothing.. I then go to my BT machine and it says " sending exploit to 10.10.10.x:3362". I then go back to my target machine and open a command prompt and type the netstat command and it comes back with 10.10.10.x:3362 ESTABLISHED but there is no command prompt on my BT machine.. I am wondering why no command prompt comes up on my BT machine.

    If anyone has any insight as to why this is doing this I would very much appreciate some input.. Thank you all for your time...
    The key to immortality is first living a life worth remembering.

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    I guess this thread is useless since I helped you get it going

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •