Sunday, January 26, 2014

Sandboxie and meterpreter

Windows XP SP3 support ends April 8th, 2014. This is not good for people who are forced to use Windows XP at work. I decided to make a video showing an old CVE-2010-2568 exploit. The exploit worked and delivered a Metasploit reverse meterpreter TCP payload. The payload executed in the sandbox, and as soon as I terminated the programs in the sandbox the meterpreter session died. In the meterpreter session I tried getprivs and getsystem, but they were blocked by Sandboxie. Sandboxie also prevented me from migrating the process. But I was able to download and upload files in the meterpreter session and get a shell, so Sandboxie only minimizes the damage. Without Sandboxie everything worked as you would expect. Anyway, this solution is only for those who are forced to use outdated software.

CVE-2010-2568 exploit: http://www.exploit-db.com/exploits/14403/
You can get Sandboxie at http://www.sandboxie.com/index.php?DownloadSandboxie
Anyway this is my video http://youtu.be/3QVDIkXeRrc
