[Pentesting] Exploit Adobe Flash v18.0.194 (CVE-2015-5119)


1. Exploit Info

Adobe Flash v18.0.194 has a UAF (Use After Free) vulnerability involving 'ByteArray'.


2. Target Info

- Victim

IP Addr : 192.168.0.34

OS : Windows 7 Ultimate x86 with IE11, Flash v18.0.194


- Hacker

IP Addr : 192.168.0.35

Malicious URL : http://192.168.0.35/

OS : Kali Linux v2016.1 x86-64


3. Exploit

This time, we will try the exploit for the Adobe Flash v18.0.194 UAF bug.


1. Set up the module

Use the adobe_flash_hacking_team_uaf module,

then set a Meterpreter reverse shell.


Have the victim, who has Flash under v18.0.194, open the above link http://192.168.219.105:8080/


2. Then we get a shell successfully



- End of PoC -


4. Analyze

Details are in the next post!

Link : http://zer0day.tistory.com/305