Easy Chat Server is a Windows based software useful to set up a simple chat server. It is considered the simplest solution to set up a community chat room for a group or company. It is considered the simplest because it doesn’t require any other installation like Java. The latest version of Easy Chat server suffers from a buffer overflow vulnerability. This vulnerability is triggered during user registration to the easy chat server. Let’s see how we can exploit this vulnerability. During a pen test, while scanning the network, I happen to find a live system with open ports. Most important of this is that port 80 is open. Port 80 signifies a web server is running.
I decide to take a closer look at the system by running a verbose scan as shown below.
On port 80, a program called Easy Chat Server is running. I check Metasploit to find any exploits related to it. I found one related to versions 2.0 to 3.1 of Easy Chat Server. I am not sure of the version my target system is running. I load the exploit and check its options.
I set the target IP and use the “check” command to see if this exploit will work but unfortunately this exploit doesn’t support check command. I decide to take my chances and execute the exploit using the “run” command.
Voila, I got the meterpreter session on our target.