
Thread: Remote code execution exploit for Firefox 3.5 in the wild

  1. #1
    Member kazalku
    Join Date
    Feb 2009
    Posts
    416

    Remote code execution exploit for Firefox 3.5 in the wild

    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Yes, it works well. It also works in Linux if the shellcode is changed.

  3. #3
    Member kazalku
    Join Date
    Feb 2009
    Posts
    416


    I tried the following steps:
    1) Saved the JavaScript in /var/www as index.html
    2) K menu >> Services >> HTTPD >> Start HTTPD
    3) echo "1" > /proc/sys/net/ipv4/ip_forward
    4) Edited the configuration file /etc/etter.conf to enable iptables
    5) ettercap -i wlan0 -Tq -M ARP /192.168.1.1/ // // -P autoadd

    Ettercap is working, because both IE and Firefox are showing the certificate warning; however, the exploit is not working. What am I missing completely? You can start your answer like... "Oi.. stu***, you don't run JavaScript in this way..."

    I won't mind.... as this is new to me....

    PS: I'm on BT4, attacking a Vista box with Firefox 3.5.
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    I'm not sure why you are running ettercap. Just fire up Apache, put the exploit in Apache's root / and call it index.html. Then take your Vista box and browse to the page, and calc.exe should open on the vulnerable machine.

  5. #5
    Very good friend of the forum Gitsnik
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851


    I haven't used it or looked at it yet, but I updated my Metasploit dev a couple of hours ago and saw a new Firefox exploit added. It may well resolve many of your issues.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  6. #6
    Dooms_day
    Guest


    It's called MAN-IN-THE-MIDDLE for a reason. What kazalku was doing is smart as shit: just pretend you're the router and inject the harmful JavaScript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to.

  7. #7
    Member kazalku
    Join Date
    Feb 2009
    Posts
    416


    Quote Originally Posted by pureh@te:
        I'm not sure why you are running ettercap. Just fire up Apache, put the exploit in Apache's root / and call it index.html. Then take your Vista box and browse to the page, and calc.exe should open on the vulnerable machine.
    The idea of ettercap came from the fact that in the real world this can be used to inject a frame into the webpage that will take the user to the Apache server. Is the idea wrong?

    And yes, when I followed the steps you mentioned (start Apache with the exploit as index.html, then browse to 192.168.1.2), Firefox crashes. Maybe it's due to Vista, because it was reported that the same thing happens with XP SP3.

    Quote Originally Posted by Gitsnik:
        I haven't used it or looked at it yet, but I updated my Metasploit dev a couple of hours ago and saw a new Firefox exploit added. It may well resolve many of your issues.
    Thanks, will have a look...
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  8. #8
    Very good friend of the forum Virchanza
    Join Date
    Jan 2010
    Posts
    863


    Quote Originally Posted by Dooms_day:
        It's called MAN-IN-THE-MIDDLE for a reason. What kazalku was doing is smart as shit: just pretend you're the router and inject the harmful JavaScript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to.
    Yes, you're right of course.

    ...but it's all a big hassle if all you wanna do is try out the exploit for the first time.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  9. #9
    Member imported_vvpalin
    Join Date
    Apr 2009
    Posts
    442


    Quote Originally Posted by Dooms_day:
        It's called MAN-IN-THE-MIDDLE for a reason. What kazalku was doing is smart as shit: just pretend you're the router and inject the harmful JavaScript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to.
    That's not "smart as shit", that's called hacking 101 lol

    And btw, what you're suggesting would bring the network to a crawl; there are better ways to accomplish this.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
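    The posts above describe ARP spoofing of the gateway as the delivery mechanism, and kazalku notes that the only symptom visible to the victims was a certificate warning. From the defender's side, the attack leaves a clearer trace in ARP traffic itself: the gateway IP suddenly being claimed by a second MAC, and one MAC claiming several IPs. The check below is an added example written for this thread, not code from the thread, from ettercap, or from BackTrack. It parses constructed tcpdump-style ARP reply lines (the gateway address 192.168.1.1 is taken from the thread; every MAC address and the other hosts are made up) and assumes the defender knows the legitimate gateway MAC.

```python
"""Detect ARP-cache poisoning / gateway impersonation from ARP reply records.

Added example for a defender: all sample data below is constructed.
"""
import re
from collections import defaultdict

# Constructed sample capture in the format tcpdump prints for ARP replies.
# 192.168.1.1 is the router; de:ad:be:ef:00:01 is a constructed second MAC
# that starts answering for the router and for a host.
SAMPLE_TCPDUMP_LINES = """\
12:00:01.000001 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:01.000002 ARP, Reply 192.168.1.10 is-at aa:bb:cc:dd:ee:01, length 28
12:00:01.000003 ARP, Reply 192.168.1.11 is-at aa:bb:cc:dd:ee:02, length 28
12:00:02.000004 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:02.000005 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:02.000006 ARP, Reply 192.168.1.10 is-at de:ad:be:ef:00:01, length 28
12:00:03.000007 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
"""

# Only replies carry an "is-at" binding; requests are ignored on purpose.
ARP_REPLY_RE = re.compile(
    r"ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)


def parse_arp_replies(text):
    """Return a list of (ip, mac) bindings found in ARP reply lines."""
    bindings = []
    for line in text.splitlines():
        m = ARP_REPLY_RE.search(line)
        if m:
            bindings.append((m.group(1), m.group(2).lower()))
    return bindings


def build_claims(bindings):
    """Index who claimed what: ip -> {macs} and mac -> {ips}."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in bindings:
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    return ip_to_macs, mac_to_ips


def find_conflicts(bindings, gateway_ip, known_gateway_mac=None, max_ips_per_mac=1):
    """Return alert strings for the three symptoms of ARP poisoning.

    - ip-conflict: one IP answered for by more than one MAC
    - gateway-impersonation: the gateway IP claimed by a MAC other than the known one
    - mac-claims-many: one MAC answering for more IPs than a normal host would
    An empty list means the capture looked clean under these rules.
    """
    ip_to_macs, mac_to_ips = build_claims(bindings)
    alerts = []
    for ip, macs in sorted(ip_to_macs.items()):
        if len(macs) > 1:
            alerts.append(f"ip-conflict {ip} claimed by {','.join(sorted(macs))}")
    if known_gateway_mac:
        expected = known_gateway_mac.lower()
        for mac in sorted(ip_to_macs.get(gateway_ip, ())):
            if mac != expected:
                alerts.append(
                    f"gateway-impersonation {gateway_ip} claimed by {mac} (expected {expected})"
                )
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > max_ips_per_mac:
            alerts.append(f"mac-claims-many {mac} claims {','.join(sorted(ips))}")
    return alerts


def analyse(text, gateway_ip, known_gateway_mac=None):
    """Convenience wrapper: parse a capture and return its alerts."""
    return find_conflicts(parse_arp_replies(text), gateway_ip, known_gateway_mac)


if __name__ == "__main__":
    for alert in analyse(SAMPLE_TCPDUMP_LINES, "192.168.1.1", "00:11:22:33:44:55"):
        print(alert)
```

    Fed the constructed capture, the check raises four alerts: both 192.168.1.1 and 192.168.1.10 are claimed by two MACs, the gateway is claimed by a MAC other than the known one, and the constructed MAC is answering for two addresses at once. The same logic applies to the output of a real `tcpdump -n arp` on a monitoring host; a static ARP entry for the gateway on sensitive hosts, or DHCP-snooping / dynamic ARP inspection on the switch, is the corresponding mitigation.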

  10. #10
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    6

    Firefox 3.5.1

    On 3.5.1 it didn't seem to have worked. I thought it would work on the whole 3.5.x.
    All it gave me was the text in the code:

    Firefox 3.5 Heap Spray Vulnerabilty
    Author: SBerry aka Simon Berry-Byrne
    Thanks to HD Moore for the insight and Metasploit for the payload
    Loremipsumdoloregkuw
    Loremipsumdoloregkuwiert
    Loremikdkw

    It has been fixed from 3.5.1 onwards.
