« Social Engineering using Metasploit Express | Main | #MoSH Day 4 »

DLL Hijacking with Metasploit Express

Step 1: Fire up Metasploit Express and load the Exploit module

The module you are looking for is WEBDAV Application DLL Hijacker.  It is currently in the 10 most recent disclosures as of September 14th 2010.

Step 2: Select your options.  Here we are going to exploit Powerpoint!  The module will create the file "HR.ppt" in the directory "TopSecret."  When you are done setting your options, launch the attack.


Metasploit Express launches the attack and provides you with a link to send your target.

Step 3: Have the Target open your file and watch as you get a session.

Step 4: Collect that Loot!

Step 5: Well the sky is the limit.  I personally like to kill off AV.


Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>