This is a demonstration of a Quicktime 7.3 RTSP Buffer Overflow exploit. you can download the necessary files from http://www.milw0rm.com/exploits/4664
To properly run this demo exploit you will need a linux server with access to linux shell and perl installed. The windows client that will load the website for the exploit to work will need Wuicktime 7.2/7.2 installed with IE webbrowser 6.0/7.0 or Firefox webbrowser.
First you need upload index.html, server, playlist.mov to the webserver.
Than you have to edit the entry in playlist.mov and insert the server ip in place of “_server_emulator_ip”. As shown in the picture:
At last you have to shell script “server” fromt he webserver:
The exploit is loaded and waiting for victims. Just point your windows webbrowser to the exploiting webserver and watch you browser crash and die:
You can read more about the exploit here: http://www.infoworld.com/article/07/12/03/Attackers-target-unpatched-QuickTime-flaw_1.html
From the site:
“There are two types of attacks underway, Symantec said. In the first, victims’ computers are being redirected from an adult Web site, Ourvoyeur.net, to another Web site that infects the computer with an application called loader.exe, which can be saved to the computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system.
Symantec said it was possible attackers had managed to compromise Ourvoyeur.net as part of the attack.”