Exploiting a Windows 10 machine
In this recipe, we will exploit a use-after-free vulnerability present in nsSMILTimeContainer::NotifyTimeChange()
across numerous versions of Mozilla Firefox on Microsoft Windows.
Getting ready
So, before we begin we need to download Mozilla Firefox 41.0 from https://ftp.mozilla.org/pub/firefox/releases/41.0/win32/en-US/Firefox%20Setup%2041.0.exe and install it on our Windows 10 target machine.
How to do it...
As always, good reconnaissance makes all the difference, so we first need to gather information about the browser the victim is using.
- To help us with this task, we can use the HTTP Client Information Gather auxiliary module by specifying the IP address and port of the host to listen on and the URI to use, then use one of your favorite pretexts to make the victim open the link:
msf > use auxiliary/gather/browser_info msf auxiliary(gather/browser_info) > set SRVHOST 192.168.216.5 SRVHOST => 192.168.216.5 msf auxiliary(gather/browser_info) > set...