Hack Like a Pro: How to Use Hacking Team's Adobe Flash Exploit
Welcome back, my novice hackers!
As most of you know by now, a notorious commercial, legal hacking group named "Hacking Team" was recently hacked. As part of the hack, thousands of emails and other material on their servers was divulged. Among the material released were three zero-day exploits. In this tutorial, we will walk through the steps to load one of them, which has become known as the CVE-2015-5119 exploit.
As most of you know, I think that Adobe's Flash application is among the most vulnerable applications known to mankind. New vulnerabilities and exploits are found nearly daily. When I am advising highly secure environments such as banks and the military, I advise that Adobe Flash should be banned from all systems within the organization in order to remain secure. Fortunately for you hackers, few organizations heed this advice.
The Hacking Team dump took place Sunday, July 5th, with millions of emails and other material downloaded and placed on WikiLeaks. Within days, a developer at Rapid7 had integrated this zero-day into a new Metasploit exploit. Unfortunately, as of July 13th, it is still not available from Rapid7 via msfupdate. However, it is available in a number of different places including SecurityFocus. I wanted to get this code to you as soon as possible while this vulnerability is still largely un-patched.
Let's begin by going to securityfocus.com/vulnerabilities. There, let's search for CVE-2015-5119. When you do so, you will come to this vulnerability as seen below.
We can then click on the "Exploit" tab, and it will show us a link to the exploit as seen below.
Click on the link and it will open a screen with the exploit code.
Copy and paste it into a text file. Now save that text file to your Desktop naming it adobe_hackingteam_exploit.rb. You can name it whatever you want, but if you aren't familiar with Metasploit, follow my instructions precisely to simplify this process and to increase the likelihood of success.
In the next step, we need to install this module into Metasploit if we are to use it. Please see my tutorial on installing new modules, and follow the instructions carefully with the exception that we will be moving this exploit to:
kali > mv /root/Desktop/adobe_hackingteam_2015 /root/.msf/modules/exploits/windows/flash
Now, to make certain the exploit moved, let's list the contents of that directory:
kali > ls -l /root/.msf4/modules/exploits/windows/flash
As you can see, our new Hacking Team exploit has been moved to the proper directory for use with Metasploit. If you don't have that directory, simply create it with mkdir.
Now, let's start Metasploit and see whether we can use that new exploit. Open the Metasploit console with:
kali > msfconsole
When the msfconsole opens, let's search for our new module. Type:
msf > search hackingteam
As you can see in the screenshot above, the new exploit has been loaded into Metasploit and is ready to use. To use the new exploit, type:
msf> use exploit/windows/flash/adobe_hackingteam_2015
Finally, let's get a bit of information about our new exploit.
msf > info
Although Adobe has released a patch for this exploit, there are still likely millions of systems still vulnerable to this attack.
Now that we have this exploit locked and loaded, I will show you how to use this exploit in a future tutorial. If you can't wait until then (I understand), take a look at my other Adobe Metasploit hack tutorial. This one works very similarly.