module
Metasploit msfd Remote Code Execution via Browser
| Disclosed | Created |
|---|---|
| Apr 11, 2018 | Jun 14, 2018 |
Disclosed
Apr 11, 2018
Created
Jun 14, 2018
Description
Metasploit's msfd-service makes it possible to get a msfconsole-like
interface over a TCP socket. This module connects to the msfd-socket
through the victim's browser.
To execute msfconsole-commands in JavaScript from a web application,
this module places the payload in the POST-data. These POST-requests
can be sent cross-domain and can therefore be sent to localhost on the
victim's machine. The msfconsole-command to execute code is 'rbi -e
"CODE"'.
Exploitation when the browser is running on Windows is unreliable and
the exploit is only usable when IE is used and the quiet-flag has been
passed to msf-daemon.
interface over a TCP socket. This module connects to the msfd-socket
through the victim's browser.
To execute msfconsole-commands in JavaScript from a web application,
this module places the payload in the POST-data. These POST-requests
can be sent cross-domain and can therefore be sent to localhost on the
victim's machine. The msfconsole-command to execute code is 'rbi -e
"CODE"'.
Exploitation when the browser is running on Windows is unreliable and
the exploit is only usable when IE is used and the quiet-flag has been
passed to msf-daemon.
Author
Robin Stenvi [email protected]
Platform
Ruby
Architectures
ruby
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.