Posted on Leave a comment

Hacking Easy File Sharing HTTP Server with Metasploit

Good morning friends. Today we will see how to hack Easy File sharing HTTP Server 7.2 with Metasploit. Easy File Sharing HTTP server is a is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services. It doesn’t require additional HTML page design. It allows you to run a web site on your own PC, share photos, movies, videos and music/MP3 files securely. It also allows visitors to upload/download files easily through web-based interfaces. A recent version of this software i.e 7.2 has a SEH overflow vulnerability which can be exploited by crackers to spawn a shell in the target system. If you have gone through my previous howto’s you should be well aware how to find the vulnerable targets but in some cases we may require enumeration of our target machines. Read this to know more about enumeration.                                                   Now let’s see hacking Easy File Sharing HTTP Server 7.2 with Metasploit. Start Metasploit and load the module as shown below.

efs1

The only option it requires is the RHOST. Needless to say it is the IP address of our target. Set the target and check the payloads this exploit supports.

efs2

Set the payload you want. I have set the below payload.

efs3

Type command “show options” to check whether all options are set.

efs4

It’s time to run the exploit. Type command “run” and if all goes well, you will get a shell in the remote system. Happy hacking.

efs5

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.