| Name | wp_wireshark_lua |
| CVE | CVE-2011-3360 |
| Exploit Pack | White_Phosphorus |
| Description | Wireshark Lua Script File Arbitrary Code Execution |
| Notes | References: http://www.securityfocus.com/bid/49528 CVE Name: CVE-2011-3360 VENDOR: Wireshark Notes: All payloads are served over SMB via wp_smbserver_backdoor except 'Execute Command'. Windows based CANVAS users must first disable the native Windows SMB server before running the module. On Windows 7 this is done by disabling the 'Server' and 'TCP/IP NetBIOS Helper' services and rebooting the system. This is a clientside exploit - so send the created capture zip to the target. The target must extract both files contained in the zip to the same directory before loading the pcap to trigger the vulnerability. Instructions: 1. Disable native SMB server and reboot 2. Run wp_wireshark_lua 3. Send created captures .zip to target Repeatability: Unlimited Date public: 2011-09-08 CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3360 CVSS: 6.9 |
| Learn more about the CANVAS Exploit Pack here: White_Phosphorus |