Vulnerability & Exploit Database

Back to search

Metasploit msfd Remote Code Execution via Browser

Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data. These POST-requests can be sent cross-domain and can therefore be sent to localhost on the victim's machine. The msfconsole-command to execute code is 'rbi -e "CODE"'. Exploitation when the browser is running on Windows is unreliable and the exploit is only usable when IE is used and the quiet-flag has been passed to msf-daemon.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/multi/browser/msfd_rce_browser

Authors

  • Robin Stenvi <robin.stenvi [at] gmail.com>

Targets

  • Automatic

Platforms

  • ruby

Architectures

  • ruby

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/multi/browser/msfd_rce_browser msf exploit(msfd_rce_browser) > show targets ...targets... msf exploit(msfd_rce_browser) > set TARGET <target-id> msf exploit(msfd_rce_browser) > show options ...show and set options... msf exploit(msfd_rce_browser) > exploit