Yes it works well. Also works in linux if the shellcode is changed.
If you can't explain it simply, you don't understand it well enough -- Albert Einstein
I tried the following steps:
1) Saved the javascript in /var/www as index.html
2) K menu >> Services >> HTTPD >> Start HTTPD
3) echo "1" > /proc/sys/net/ipv4/ip_forward
4) Edit the configuration file - - /etc/etter.conf to enable iptable
5) ettercap -i wlan0 -Tq -M ARP /192.168.1.1/ // // -P autoadd
Ettercap is working because both ie & firefox are showing the certificate warning, however, exploit is not working. What am I missing completely? You can start your answer like.... "Oi.. stu***, you don't run javascript in this way............ "
I won't mind.... as this is new to me....
PS: I'm on BT4, attacking a vista box with firefox 3.5
I'm not sure why you are running ettercap. Just fire up Apache, put the exploit in Apache's root / and call it index.html. Then take your Vista box and browse to the page and calc.exe should open on the vulnerable machine.
I haven't used it or looked at it yet, but I updated my metasploit dev a couple of hours ago and I saw a new firefox exploit added, it may well resolve many of your issues.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
It's called MAN-IN-THE-MIDDLE for a reason. What kazalku was doing is smart as shit: just pretend you're the router, and inject the harmful JavaScript to everyone on the network, and if they have 3.5, they're screwed on every page they browse to.
Idea of ettercap came from the fact that in real world, this can be used to inject a frame to the webpage that will take the user to the apache server. Is the idea wrong?
And yes, when I followed the steps you mentioned (start Apache with the exploit as index.html, then browse to 192.168.1.2), Firefox crashes. Maybe it's due to Vista, because it was reported that the same thing happens with XP SP3.
Thanks, will have a look...
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
On 3.5.1 it didn't seem to have worked. I thought it would work on the whole 3.5.x.
All it gave me was the text in the code:
Firefox 3.5 Heap Spray Vulnerabilty
Author: SBerry aka Simon Berry-Byrne
Thanks to HD Moore for the insight and Metasploit for the payload
Loremipsumdoloregkuw
Loremipsumdoloregkuwiert
Loremikdkw
It has been fixed from 3.5.1 onwards.