How to Hack Windows 7 Ultimate Using Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

This is a guide and tutorial on how to use the Mozilla Firefox Array.reduceRight() Intefer Overflow to exploit a Windows 7 Ultimate machine. This will show you how the DEP / ASLR bypassing through JAVA MSVCR71 sayonara rop chain works.

This was tested on Windows 7 Ultimate using Firefox 3.6.16 and 3.6.17 browsers. Note that Java-enabled browser is needed.

Tools needed:

1. Apache web server (this is already included in Backtrack 5 R1, a penetration testing Linux distribution)
2. Netcat/Telnet (this is already included in Backtrack 5 R1, a penetration testing Linux distribution)
3. Firefox Exploit Script :

Firefox Vulnerability Exploit

Credits for ryujin -At- offensive-security.com and for dookie for this exploit.

Attacker Summary Details:
O.S.: Backtrack 5 R1 (Penetration Testing Distribution)
IP address: 192.168.117.131

Firefox Vulnerability Exploit

Victim Summary Details:
O.S.: Windows 7 Ultimate Edition
IP address: 192.168.117.130

Firefox Vulnerability Exploit

Steps to Pawn Windows 7 Ultimate Using Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

1. First download the Firefox exploit script and place it in your webserver. Note that for this demo I’m using Backtrack 5 R1 with default installation so my website directory is in /var/www/ folder. I created a folder named “wiztechie” in the /var/www/ folder and placed the exploit files inside the folder.

Firefox Vulnerability Exploit

2. Start your Apache webserver by executing “/etc/init.d/apache2 start” in the terminal.

3. Make the victim computer access the web site that we have prepared. For this demo, the exploit files can be accessed by typing http://192.168.117.131/wiztechie/wiztechie.html in your Firefox browser.

Firefox Vulnerability Exploit

4. When victim successfully open the malicious webpage that contains the exploit, the victim computer port 4444 will be opened and is ready to receive connections.

Firefox Vulnerability Exploit

5. So for this this demo I’ll be using Netcat and Telnet to access the exploited computer.

Firefox Vulnerability Exploit - Using Netcat

Firefox Vulnerability Exploit - Using Netcat

Firefox Vulnerability Exploit - Using Telnet

Firefox Vulnerability Exploit - Using Telnet

PWNAGE! See that I’ve successfully exploited the victim computer, and from the command line, I can enter commands for more uber pawnage!

So how to prevent this?

In order to prevent the Mozilla Firefox Array.reduceRight() Integer Overflow Exploit, you should:
1. Update your Mozilla Firefox browser to the latest version as it is more secure.
2. Use a firewall so that you’ll be notified and you’ll be able to detect inbound and outbound connection in your computer.

Hope this guide has been informative and helpful!

Like our Facebook Fan Page.



Subscribe and get the latest tips, tricks, news, and updates delivered straight to your e-mail inbox.

Enter your email address:

Delivered by FeedBurner

Ameer

Ameer is your techie friend, the head admin, and editor-in-chief of this blog. In here we share the latest technology news and updates, computer tips and tricks, SEO, games and gaming news, and other tech articles that aims to help you with today's technology.

Website

Leave a Reply

Your email address will not be published. Required fields are marked *

DOWNLOAD FREE GAMING GRAPHICS! (PHOTOSHOP FILES + VIDEOS)
Subscribe to mailing list and download the content.
  We hate SPAM and promise to keep your email address safe.
Disclaimer: You are being added to a mailing list which you can unsubscribe at any time.
Read previous post:
How to Run Android Apps on Mac, Linux and Windows

Run and install Android apps on Mac, Linux or Windows computers through ARChon , a modified version of Google’s App...

Close