Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Adobe Flash version detection in JavaScript #3156

Merged
merged 4 commits into from Apr 2, 2014
Merged

Add Adobe Flash version detection in JavaScript #3156

merged 4 commits into from Apr 2, 2014

Conversation

wchen-r7
Copy link
Contributor

This adds Adobe Flash version detection in JavaScript. In order to test this, I also updated the firefox_svg_plugin exploit module so you can use it as a test case.

Verification

Demo

With Flash:

msf exploit(firefox_svg_plugin) > [*] 10.0.1.91        firefox_svg_plugin - Gathering target information.
[*] 10.0.1.91        firefox_svg_plugin - Sending response HTML.
[*] 10.0.1.91        firefox_svg_plugin - Target selected: Universal (Javascript XPCOM Shell)
[*] 10.0.1.91        firefox_svg_plugin - Sending Firefox 17.0.1 Flash Privileged Code Injection
[*] 10.0.1.91        firefox_svg_plugin - Sending .swf trigger.
[*] 10.0.1.91        firefox_svg_plugin - Sending .swf trigger.
[*] Command shell session 1 opened (10.0.1.76:4444 -> 10.0.1.91:49918) at 2014-03-28 15:36:01 -0500

Without Flash:

msf exploit(firefox_svg_plugin) > [*] 10.0.1.91        firefox_svg_plugin - Gathering target information.
[*] 10.0.1.91        firefox_svg_plugin - Sending response HTML.
[!] 10.0.1.91        firefox_svg_plugin - Exploit requirement(s) not met: flash

@jvazquez-r7
Copy link
Contributor

Working on it!

@jvazquez-r7
Copy link
Contributor

  • With FF 17 and Flash:
msf exploit(firefox_svg_plugin) > 
[*] 192.168.172.135  firefox_svg_plugin - Gathering target information.
[*] 192.168.172.135  firefox_svg_plugin - Sending response HTML.
[*] 192.168.172.135  firefox_svg_plugin - Target selected: Universal (Javascript XPCOM Shell)
[*] 192.168.172.135  firefox_svg_plugin - Sending Firefox 17.0.1 Flash Privileged Code Injection
[*] 192.168.172.135  firefox_svg_plugin - Sending .swf trigger.
[*] 192.168.172.135  firefox_svg_plugin - Sending .swf trigger.
[*] Command shell session 1 opened (10.6.0.136:4444 -> 10.6.0.136:53682) at 2014-04-02 15:12:17 -0500
  • With just FF17
msf exploit(firefox_svg_plugin) > [*] 192.168.172.135  firefox_svg_plugin - Gathering target information.
[*] 192.168.172.135  firefox_svg_plugin - Sending response HTML.
[!] 192.168.172.135  firefox_svg_plugin - Exploit requirement(s) not met: flash

Landing!

@jvazquez-r7 jvazquez-r7 merged commit a173fcf into rapid7:master Apr 2, 2014
@todb-r7 todb-r7 mentioned this pull request Oct 2, 2014
Closed
@wchen-r7 wchen-r7 deleted the flash_detection branch August 22, 2016 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jvazquez-r7 jvazquez-r7

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@wchen-r7 @jvazquez-r7