Firefox XPCOM Execute Command - Metasploit
This page contains detailed information about how to use the payload/firefox/exec Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: Firefox XPCOM Execute Command
Module: payload/firefox/exec
Source code: modules/payloads/singles/firefox/exec.rb
Disclosure date: -
Last modification time: 2017-09-17 16:00:04 +0000
Supported architecture(s): firefox
Supported platform(s): Firefox
Target service / protocol: -
Target network port(s): -
List of CVEs: -
This module runs a shell command on the target OS without touching the disk. On Windows, this command will flash the command prompt momentarily. This can be avoided by setting WSCRIPT to true, which drops a jscript "launcher" to disk that hides the prompt.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Basic Usage
msf > use payload/firefox/exec
msf payload(exec) > show options
... show and set options ...
msf payload(exec) > generate
To learn how to generate payload/firefox/exec with msfvenom, please read this.
Msfconsole Usage
Here is how the firefox/exec payload looks in the msfconsole:
msf6 > use payload/firefox/exec
msf6 payload(firefox/exec) > show info
Name: Firefox XPCOM Execute Command
Module: payload/firefox/exec
Platform: Firefox
Arch: firefox
Needs Admin: No
Total size: 1028
Rank: Normal
Provided by:
joev <[email protected]>
Basic options:
Name     Current Setting   Required  Description
----     ---------------   --------  -----------
CMD      touch /tmp/a.txt  yes       The command string to execute
WSCRIPT  false             yes       On Windows, drop a vbscript to hide the cmd prompt
Description:
This module runs a shell command on the target OS without touching
the disk. On Windows, this command will flash the command prompt
momentarily. This can be avoided by setting WSCRIPT to true, which
drops a jscript "launcher" to disk that hides the prompt.
Module Options
This is a complete list of options available in the firefox/exec payload:
msf6 payload(firefox/exec) > show options
Module options (payload/firefox/exec):
Name     Current Setting   Required  Description
----     ---------------   --------  -----------
CMD      touch /tmp/a.txt  yes       The command string to execute
WSCRIPT  false             yes       On Windows, drop a vbscript to hide the cmd prompt
Advanced Options
Here is a complete list of advanced options supported by the firefox/exec payload:
msf6 payload(firefox/exec) > show advanced
Module advanced options (payload/firefox/exec):
Name           Current Setting  Required  Description
----           ---------------  --------  -----------
JsIdentifiers                   no        Identifiers to preserve for JsObfu
JsObfuscate    0                no        Number of times to obfuscate JavaScript
VERBOSE        false            no        Enable detailed status messages
WORKSPACE                       no        Specify the workspace for this module
Related Pull Requests
- #8974 Merged Pull Request: spelling/grammar fixes part 4. Finished.
- #8338 Merged Pull Request: Fix msf/core and self.class msftidy warnings
- #6655 Merged Pull Request: use MetasploitModule as a class name
- #5838 Merged Pull Request: Instantiate payload modules so parameter validation occurs
- #4894 Merged Pull Request: Implement payload size caching, speeding up framework loads
- #3844 Merged Pull Request: Add the JSObfu mixin to Firefox exploits
- #2869 Merged Pull Request: Pre-release title/desc fixes
- #2868 Merged Pull Request: Fix require error for firefox payload
- #2827 Merged Pull Request: Add firefox js xpcom payloads for universal ff shells
Authors
- joev
Version
This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.