FBI Tor exploit appears on Metasploit penetration tester forum


A Tor exploit pertaining to be one used by the FBI in a recent child pornography bust has been released on the Metasploit penetration tester forum.

The exploit was posted by Metasploit user sinn3r who claimed to have found it during a joint cyber forensics operation at the Defcon hacker conference mere hours after word of its use broke.

"I noticed a Reddit post regarding some Mozilla Firefox zero-day possibly being used by the FBI in order to identify some users using Tor for crackdown on child pornography," sinn3r wrote. "The security community was amazing: within hours, we found more information such as brief analysis about the payload, simplified PoC, bug report on Mozilla, etc. The same day, I flew back to the Metasploit hideout (with Juan already there), and we started playing catch-up on the vulnerability."