CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/exploit/windows/browser/firefox_smil_uaf.md
Views: 1904
Mozilla Firefox is a free, open-source web browser developed and maintained by the Mozilla Foundation. Multiple versions are affected by a use-after-free vulnerability, detailed by CVE 2016-9079, that can result in arbitrary remote code execution.
Vulnerable Application
The vulnerability is present in all releases of Mozilla Firefox prior to 50.0.2
Firefox 38 through 41 were specifically chosen as targets for this module, though support for more releases is planned.
Usage
UsePostHTML module option
The module includes an option named UsePostHTML which is turned off by default. Setting this option to true will result in the module sending an HTML page to the target to be rendered after successful exploitation. This can be useful in convincing the target that they have arrived at a legitimate, benign website. If desired, please edit $datadirectory/exploits/firefox_smil_uaf/post.html to suit your needs. The included example file more than likely won't be suitable for your purposes.
Using firefox_smil_uaf
Start msfconsole
Do:
use exploit/windows/browser/firefox_smil_uafDo:
set payload [PREFERRED PAYLOAD]Do:
set PAYLOAD [PAYLOAD NAME]Set payload options as needed
Do:
run, and have a target browse to the generated URLOnce a vulnerable target connects, you should receive a session like this: