Metasploit mailing list archives
firefox_queryinterface
From: pgsery at swcp.com (paul)
Date: Fri, 14 Mar 2008 21:33:52 -0600
I've been trying to get the Firefox queryinterface exploit to work. I've used several Firefox versions (1.0, 1.5.0.0, 1.5.0.2 running on several Fedora Core machines (3, 4, 5, 6). I've run the Metasploit instance on the host machine using lo and on a server with over a network; SELinux is off on all machines. Firefox connects to the MSF instance and gets fed the noop sled. The MSF instance sends the exploit but I don't get a shell or any indication of success. Can someone give me exact versions, etc, to use? 19:03:31 - Initialized the Metasploit Framework GUI. 19:03:02 - firefox_queryinterface [*] Launching exploit multi/browser/firefox_queryinterface... 19:03:03 - firefox_queryinterface [*] Using URL: http://0.0.0.0:8080/ 19:03:03 - firefox_queryinterface [*] Local IP: http://192.168.0.100:8080/ 19:03:03 - firefox_queryinterface [*] Server started. 19:03:14 - firefox_queryinterface [*] Started bind handler 19:03:14 - firefox_queryinterface [*] Sending exploit to 192.168.0.100:32802...
Current thread:
- firefox_queryinterface paul (Mar 14)